TechSpot

Google search results redirect

Inactive
By androidboi
Jul 29, 2011
Topic Status:
Not open for further replies.
  1. Hi guys. I recently discovered that my PC has a virus.

    ================================

    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Database version: 7321

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    7/29/2011 11:57:17 AM
    mbam-log-2011-07-29 (11-57-17).txt

    Scan type: Quick scan
    Objects scanned: 203831
    Time elapsed: 6 minute(s), 13 second(s)

    Memory Processes Infected: 2
    Memory Modules Infected: 0
    Registry Keys Infected: 5
    Registry Values Infected: 0
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 7

    Memory Processes Infected:
    c:\Windows\SysWOW64\nlslexicons0c1a32.exe (Adware.Agent) -> 1932 -> Unloaded process successfully.
    c:\programdata\api-ms-win-core-memory-l1-1-032.exe (Adware.Agent) -> 1976 -> Unloaded process successfully.

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{016BAE5D-B482-4547-B552-A8F0FED7D90c} (IPH.GenericBHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{016BAE5D-B482-4547-B552-A8F0FED7D90C} (IPH.GenericBHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{016BAE5D-B482-4547-B552-A8F0FED7D90C} (IPH.GenericBHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetPipeActivator32 (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Windows\SysWOW64\nlslexicons0c1a32.exe (Adware.Agent) -> Quarantined and deleted successfully.
    c:\programdata\api-ms-win-core-memory-l1-1-032.exe (Adware.Agent) -> Quarantined and deleted successfully.
    c:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-032.dll (IPH.GenericBHO) -> Quarantined and deleted successfully.
    c:\Windows\System32\nlslexicons0c1a32.exe (Adware.Agent) -> Quarantined and deleted successfully.
    c:\Users\Matt D\AppData\Local\Temp\jucheck.exe (Adware.Agent) -> Quarantined and deleted successfully.
    c:\Users\Matt D\AppData\Local\Temp\tmph895666989216823545.tmp (Adware.Agent) -> Quarantined and deleted successfully.
    c:\END (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    DDS

    .
    DDS (Ver_2011-06-23.01) - NTFSAMD64
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26
    Run by Matt D at 12:24:38 on 2011-07-29
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3839.2486 [GMT -7:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Windows\system32\dlbkcoms.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
    C:\Windows\SysWOW64\rserver30\RServer3.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files (x86)\Dell AIO Printer A920\DLBKbmgr.exe
    C:\Program Files (x86)\Dell AIO Printer A920\dlbkbmon.exe
    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    C:\Program Files\Dell\DellDock\DellDock.exe
    C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
    C:\Program Files\mcafee.com\agent\mcagent.exe
    c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\DllHost.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10t_ActiveX.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\rserver30\FamItrfc.Exe
    C:\Windows\SysWOW64\rserver30\FamItrfc.Exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=userinit.exe,
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110509145310.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    uRun: [AdobeBridge]
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
    uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
    mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
    StartupFolder: C:\Users\MATTD~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
    Trusted Zone: delmonte.com\connect
    DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://d1ylr6sba64qi3.cloudfront.net/global/bin/srldetect_cyri_4.1.71.0.cab
    DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} - hxxp://simcity.ea.com/update/EARTPX.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} - hxxp://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab
    TCP: DhcpNameServer = 8.5.244.5 8.15.12.6
    TCP: Interfaces\{9AB3B0FD-590A-432F-8F9E-BD64E27A6D30} : DhcpNameServer = 8.5.244.5 8.15.12.6
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO-X64: 0x1 - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO-X64: Search Helper - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110509145310.dll
    BHO-X64: scriptproxy - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
    mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Matt D\AppData\Roaming\Mozilla\Firefox\Profiles\h51byo5h.default\
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    FF - Ext: XUL Cache: {a703501e-056d-4b39-bed3-bb578f8bfb64} - %profile%\extensions\{a703501e-056d-4b39-bed3-bb578f8bfb64}
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
    R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
    R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
    R1 raddrvv3;raddrvv3;C:\Windows\SysWOW64\rserver30\raddrvv3.sys [2009-10-9 68704]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 dlbk_device;dlbk_device;C:\Windows\system32\dlbkcoms.exe -service --> C:\Windows\system32\dlbkcoms.exe -service [?]
    R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
    R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-5-25 2275720]
    R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2009-10-6 191000]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-7-29 366640]
    R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2010-8-13 355440]
    R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2010-8-13 355440]
    R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2010-8-13 355440]
    R2 McShield;McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2010-8-10 200056]
    R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2010-8-10 245352]
    R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe [2010-8-10 149032]
    R2 RosettaStoneDaemon;RosettaStoneDaemon;C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe [2009-9-3 444224]
    R2 RServer3;Radmin Server V3;C:\Windows\SysWOW64\rserver30\rserver3.exe [2009-10-9 1242504]
    R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-8-10 673088]
    R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
    R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
    R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
    R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\DRIVERS\LVUSBS64.sys --> C:\Windows\system32\DRIVERS\LVUSBS64.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
    R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
    R3 mirrorv3;mirrorv3;C:\Windows\system32\DRIVERS\rminiv3.sys --> C:\Windows\system32\DRIVERS\rminiv3.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-3 136176]
    S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys --> C:\Windows\system32\Drivers\ssadadb.sys [?]
    S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-3 136176]
    S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
    S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]
    S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]
    S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2010-8-13 355440]
    .
    =============== Created Last 30 ================
    .
    2011-07-29 18:49:17 -------- d-----w- C:\Users\Matt D\AppData\Local\{16B360D6-5291-4119-884C-4A056D0A9D7A}
    2011-07-29 18:43:57 -------- d-----w- C:\Users\Matt D\AppData\Roaming\Malwarebytes
    2011-07-29 18:43:51 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-07-29 18:43:51 -------- d-----w- C:\ProgramData\Malwarebytes
    2011-07-29 18:43:48 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-07-29 18:43:48 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-07-28 22:23:07 -------- d-----w- C:\Users\Matt D\AppData\Local\{A289BB8C-D037-4DEC-BEFA-FD4427E2DD23}
    2011-07-27 23:32:13 -------- d-----w- C:\Users\Matt D\AppData\Local\{D9D704D6-7E58-487A-A947-902EA4FB9E19}
    2011-07-22 15:17:50 -------- d-----w- C:\Users\Matt D\AppData\Local\{165BC43D-30C0-4135-9023-8B4B4F76294E}
    2011-07-22 04:28:48 -------- d-----w- C:\Users\Matt D\AppData\Local\{265DAB06-6A42-4DE3-B735-FB7E04A31ED6}
    2011-07-19 07:27:38 -------- d-----w- C:\Users\Matt D\AppData\Local\{3B88861A-8130-43F3-B0C4-750C03395821}
    2011-07-16 21:36:13 -------- d-----w- C:\Users\Matt D\AppData\Local\{3994C286-0D7B-492E-8CD1-1DF006EBD9F2}
    2011-07-16 06:20:16 -------- d-----w- C:\Users\Matt D\AppData\Local\{8BC92815-51F7-44E4-B007-D9AC5B16F409}
    2011-07-15 06:18:27 -------- d-----w- C:\Users\Matt D\AppData\Local\{7AF1713F-7603-41B5-838B-CD8BC909A8B2}
    2011-07-14 23:14:31 -------- d-----w- C:\Perfect World Entertainment
    2011-07-14 07:57:30 -------- d-----w- C:\Users\Matt D\AppData\Local\{91CC1669-098C-4452-BE49-B622EFC2FDAB}
    2011-07-13 20:31:55 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2011-07-13 20:31:55 338944 ----a-w- C:\Windows\System32\conhost.exe
    2011-07-13 20:31:55 243200 ----a-w- C:\Windows\System32\wow64.dll
    2011-07-13 20:31:55 214528 ----a-w- C:\Windows\System32\winsrv.dll
    2011-07-13 20:31:54 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2011-07-13 20:31:54 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2011-07-13 20:31:54 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2011-07-13 20:31:54 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2011-07-13 20:31:54 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2011-07-13 20:31:54 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2011-07-13 20:31:48 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2011-07-12 19:11:50 -------- d-----w- C:\Users\Matt D\AppData\Local\{8B510E6A-AA14-46E1-B1FD-BE3E4131DC89}
    2011-07-09 15:35:46 -------- d-----w- C:\Users\Matt D\AppData\Local\{0CC4DD8F-7086-4D6F-9F71-A4C1926F4D6A}
    2011-07-08 07:56:57 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
    2011-07-08 07:56:56 -------- d-----w- C:\Program Files (x86)\Steam
    2011-07-08 03:45:36 -------- d-----w- C:\Users\Matt D\AppData\Local\{9AADBCE8-3AD1-4D7F-8619-2B1984596787}
    2011-07-08 03:42:45 0 ---ha-w- C:\Users\Matt D\AppData\Local\BIT8E6E.tmp
    2011-07-08 03:41:11 -------- d-----w- C:\Users\Matt D\AppData\Local\{32E89FE6-1145-4C29-AAE1-9CAE416E6592}
    2011-07-07 03:18:32 -------- d-----w- C:\Users\Matt D\AppData\Local\{C1E277F7-7FDF-4DBA-BF01-683A70CD2D18}
    2011-07-04 18:38:43 -------- d-----w- C:\Users\Matt D\AppData\Local\{46E18CCE-68FF-4320-ACDB-83D16754F5DB}
    2011-07-04 06:37:58 -------- d-----w- C:\Users\Matt D\AppData\Local\{0A73A267-00FF-4278-A6FA-CAF2748C7150}
    2011-07-03 10:01:55 -------- d-----w- C:\Users\Matt D\AppData\Local\{7B1BAC9B-A91E-4EDD-8338-E09013FB1C0B}
    2011-06-30 17:47:28 -------- d-----w- C:\Users\Matt D\AppData\Local\{65F16A40-8FB9-468A-A5EE-6305C4371124}
    2011-06-30 08:02:16 80 --sh--r- C:\Windows\CT6PRET.BIN
    2011-06-30 08:02:07 3850760 ----a-w- C:\Windows\SysWow64\D3DX9_38.dll
    2011-06-30 08:00:44 -------- d-----w- C:\ProgramData\Reallusion
    2011-06-30 07:59:58 -------- d-----w- C:\Program Files (x86)\Common Files\Reallusion
    2011-06-30 07:59:48 -------- d-----w- C:\Program Files (x86)\Reallusion
    .
    ==================== Find3M ====================
    .
    2011-06-30 17:47:53 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-06-28 02:02:11 72080 ----a-w- C:\Users\Matt D\g2mdlhlpx.exe
    2011-06-11 02:56:44 3134464 ----a-w- C:\Windows\System32\win32k.sys
    2011-06-02 06:39:54 422400 ----a-w- C:\Windows\System32\KernelBase.dll
    2011-06-02 05:56:28 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2011-06-02 05:54:50 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2011-06-02 03:45:49 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2011-06-02 03:45:49 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2011-06-02 03:45:49 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2011-06-02 03:45:49 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2011-05-28 03:25:16 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-05-28 03:00:02 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-05-24 11:21:59 404992 ----a-w- C:\Windows\System32\umpnpmgr.dll
    2011-05-24 10:34:20 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
    2011-05-24 10:34:20 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
    2011-05-24 10:34:00 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
    2011-05-24 10:32:46 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
    2011-05-24 01:33:29 254528 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
    2011-05-04 11:52:22 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2011-05-04 05:30:38 2326016 ----a-w- C:\Windows\System32\tquery.dll
    2011-05-04 05:28:07 779264 ----a-w- C:\Windows\System32\mssvp.dll
    2011-05-04 05:28:07 2228224 ----a-w- C:\Windows\System32\mssrch.dll
    2011-05-04 05:28:06 75264 ----a-w- C:\Windows\System32\msscntrs.dll
    2011-05-04 05:28:06 491520 ----a-w- C:\Windows\System32\mssph.dll
    2011-05-04 05:28:06 288256 ----a-w- C:\Windows\System32\mssphtb.dll
    2011-05-04 05:24:09 593408 ----a-w- C:\Windows\System32\SearchIndexer.exe
    2011-05-04 05:24:09 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe
    2011-05-04 05:24:09 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe
    2011-05-04 04:53:10 1553920 ----a-w- C:\Windows\SysWow64\tquery.dll
    2011-05-04 04:52:59 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll
    2011-05-04 04:52:59 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll
    2011-05-04 04:52:59 337408 ----a-w- C:\Windows\SysWow64\mssph.dll
    2011-05-04 04:52:59 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll
    2011-05-04 04:52:59 1401856 ----a-w- C:\Windows\SysWow64\mssrch.dll
    2011-05-04 04:52:12 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe
    2011-05-04 04:52:12 428032 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe
    2011-05-04 04:52:12 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe
    2011-05-04 02:51:08 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
    2011-05-04 02:51:08 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
    2011-05-04 02:51:05 126464 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
    2011-05-03 05:21:22 976896 ----a-w- C:\Windows\System32\inetcomm.dll
    2011-05-03 04:50:29 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
    .
    ============= FINISH: 12:25:50.65 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-23.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 8/12/2010 10:03:58 PM
    System Uptime: 7/29/2011 12:02:57 PM (0 hours ago)
    .
    Motherboard: Dell Inc. | | 04GJJT
    Processor: AMD Athlon(tm) II X2 240 Processor | CPU 1 | 2800/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 456 GiB total, 363.795 GiB free.
    D: is CDROM ()
    E: is Removable
    F: is Removable
    G: is Removable
    H: is Removable
    I: is CDROM (UDF)
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP120: 7/3/2011 7:00:10 PM - Windows Backup
    RP121: 7/8/2011 12:56:31 AM - Installed Steam
    RP122: 7/14/2011 12:49:11 AM - Windows Update
    RP123: 7/21/2011 3:24:16 AM - Scheduled Checkpoint
    RP124: 7/27/2011 4:47:00 PM - Installed Java(TM) 6 Update 26
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    7-Zip 9.15 beta
    A4TECH PC Camera K
    Acoustica MP3 Audio Mixer
    Adobe After Effects CS4
    Adobe After Effects CS4 Presets
    Adobe After Effects CS4 Third Party Content
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe CMaps CS4
    Adobe Color Video Profiles AE CS4
    Adobe Community Help
    Adobe Default Language CS4
    Adobe Dynamiclink Support
    Adobe ExtendScript Toolkit CS4
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Media Encoder CS4
    Adobe Media Encoder CS4 Additional Exporter
    Adobe Media Encoder CS4 Exporter
    Adobe Media Encoder CS4 Importer
    Adobe Media Player
    Adobe MotionPicture Color Files CS4
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS5
    Adobe Reader 9.4.1
    Adobe Setup
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe XMP Panels CS4
    Apple Application Support
    Apple Software Update
    ASIO4ALL
    ATI Catalyst Control Center
    Audacity 1.3.12 (Unicode)
    AviSynth 2.5
    Bing Bar
    Bing Bar Platform
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Collab
    Command & Conquer Generals
    Consumer In-Home Service Agreement
    Cool Edit Pro 2.1
    CrazyTalk v6.21 PRO
    D3DX10
    DAEMON Tools Lite
    Dell DataSafe Local Backup
    Dell DataSafe Local Backup - Support Software
    Dell DataSafe Online
    Dell Dock
    Dell Getting Started Guide
    Emperor: Rise of the Middle Kingdom 1.0.1.0
    FL Studio 8
    General Module
    Google Update Helper
    GoToAssist 8.0.0.514
    GoToMeeting 4.8.0.723
    Handbrake 0.9.4
    IL Download Manager
    Inkscape 0.48.0
    Jackson Tower
    Java Auto Updater
    Java(TM) 6 Update 26
    Junk Mail filter update
    LAME v3.98.2 for Audacity
    Logitech Vid
    LogMeIn Hamachi
    Malwarebytes' Anti-Malware version 1.51.1.1800
    McAfee Security Center
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2010
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Mozilla Firefox (3.6.10)
    MSVCRT
    MSVCRT_amd64
    Network Addon Mod Version 29
    Network Play System (Patching)
    Network Widening Mod Version 1.1.0
    Pando Media Booster
    PDF Settings CS5
    Photoshop Camera Raw
    Pixel Bender Toolkit
    PoiZone
    Portland Federal Building
    PowerDVD DX
    QuickTime
    Radmin Server 3.4
    RealHighway Mod Version 4.1.0
    Realtek High Definition Audio Driver
    Rosetta Stone Ltd Services
    Roxio Burn
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2509488)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft Office 2007 System (KB2541012)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2541007)
    Security Update for Microsoft Office Groove 2007 (KB2494047)
    Security Update for Microsoft Office InfoPath 2007 (KB2510061)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    SimCity 4 Deluxe
    Skins
    Skype™ 5.3
    Spelling Dictionaries Support For Adobe Reader 9
    Steam
    Suite Shared Configuration CS4
    System Requirements Lab
    System Requirements Lab CYRI
    Toxic Biohazard
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2509470)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2553975)
    Videora iPod nano Converter 6
    VoiceOver Kit
    Vuze
    War And Peace
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Winning Eleven 9
    .
    ==== Event Viewer Messages From Past Week ========
    .
    7/29/2011 3:28:49 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer HOME that believes that it is the master browser for the domain on transport NetBT_Tcpip_{00C4DD38-919A-45BA-ADEB-FBE46D6B9412}. The master browser is stopping or an election is being forced.
    7/29/2011 12:03:08 PM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
    7/29/2011 12:03:08 PM, Error: atikmdag [43029] - Display is not active
    7/29/2011 11:57:17 AM, Error: Service Control Manager [7034] - The Net.Pipe Listener Adapter service terminated unexpectedly. It has done this 1 time(s).
    7/28/2011 3:15:32 PM, Error: Service Control Manager [7023] - The McAfee VirusScan Announcer service terminated with the following error: Incorrect function.
    7/28/2011 12:42:21 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
    7/27/2011 4:32:57 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
    7/27/2011 4:32:57 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    7/27/2011 4:26:04 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: D@01010004
    7/26/2011 9:08:58 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user Jocelyn-PC\Matt D SID (S-1-5-21-1233441066-1885149428-1282759394-1003) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    7/26/2011 9:08:58 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user Jocelyn-PC\Matt D SID (S-1-5-21-1233441066-1885149428-1282759394-1003) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    .
    ==== End Of File ===========================
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    I have deleted your duplicate thread. Sometimes it takes a few minutes before thread is seen. Please keep all logs, questions, information for this problem on this thread. Not sure what your 'bump' comment means. I am subscribed to the thread and will get email feedback when a reply is made.
     
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    So backing up, going to the 'official beginning'!

    Welcome to TechSpot!. I will wait until all of the logs are posted before taking the next step.
    ==============================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process..
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    • Please let me know if there is any change in the system.
    If I have not replied for 2 days, you can send me a PM reminder. Include the URL of your thread. Please do not send me a PM to tell me your logs are up.
    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persist, you can send a PM to reopen it.
    =====================================
     
  4. androidboi

    androidboi TS Rookie Topic Starter

    sorry about that. :) and please ignore anything else i said. :D

    anyway, i wasn't able to run gmer, is it alright if i just skipped it?
     
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Try either of these for GMER. If neither works, skip it for now:

    1. Uncheck the devices, then try the scan.

    2. Boot into Safe Mode
    • Restart your computer and start pressing the F8 key on your keyboard.
    • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.
    Then try the scan.
     
  6. androidboi

    androidboi TS Rookie Topic Starter

    pardon my ignorance, but what do you mean by "uncheck the devices"?

    i tried running it on safe mode and i got the same message:

    C:\Users\name\Desktop\x7yhn2dl.exe is not a valid Win32 application.
     
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Skip it for now.
     
  8. androidboi

    androidboi TS Rookie Topic Starter

    alright. ive completed th rest of the 7 step process.
     
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    1. How?
    2. What happening?
    3. IS there something you can't do?
    4. Are you getting alerts or messages? If yes, from what?

    You do have malware, but it helps me help you if you describe the problems you are having. Throwing out a bunch of logs leave me very short of information.
    ====================================================
    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
      [​IMG]
    • .Click on Yes, to continue scanning for malware
    • .If Combofix asks you to update the program, allow
    • .Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • .Close any open browsers.
    • .Double click combofix.exe[​IMG] & follow the prompts to run.
    • When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..
    Re-enable your Antivirus software.

    Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    ============================================
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      [o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
      [o] Double click on the [​IMG]on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
      [​IMG]
    • Uncheck 'Remove found threats'
    • Check 'Scan archives/
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish

    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.