Inactive Internet Pages not loading right away or correctly, have had weird pop-ups

coocabarra

Since about last week, anytime I try to get online, I have to refresh and "try again" several times until the page will actually load. When the page ultimately loads, sometimes the script is all weird. It is also running very slow. I am a student, and this is causing me a lot of grief when trying to get assignments done. More recently today, when I opened up Firefox, I got some annoying pop-ups every time I tried to exit or load another page. It said "bad NPObject as private data". It was a JavaScript thing. I read about it online, and disabled the McAfee SiteAdvisor extension, which has seemed to work so far. I was going to use advice on here to other people's problems that were similar to mine, but I also read something on here that said to not do that. Any help at all will be much appreciated!
Here are the logs that are requested: I saved a GMER log to my desktop after the scan was finished, but it was empty when I opened up the file. It said that it didn't find any modifications.

MBAM:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7909

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

10/13/2011 8:31:13 PM
mbam-log-2011-10-13 (20-31-13).txt

Scan type: Quick scan
Objects scanned: 181233
Time elapsed: 12 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

DDS:


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_27
Run by coocabarra2 at 21:18:03 on 2011-10-13
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3032.1025 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\SysWOW64\bgsvcgen.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\dlcxcoms.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Blockbuster\BLOCKBUSTERMovielink\MovielinkCore.exe
C:\WINDOWS\SysWOW64\rpcnet.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Dell Photo AIO Printer 926\memcard.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Common Files\Panasonic\VideoCam Suite AutoStart\VideoCamSuiteAutoStart.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\vds.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\BitTorrent\BitTorrent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\notepad.exe
C:\Windows\notepad.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\splwow64.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://start.facemoods.com/?a=antn&s={searchTerms}&f=4
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
uURLSearchHooks: FCToolbarURLSearchHook Class: {ae8b2b68-78f5-45bf-a730-6b1744811060} - C:\Program Files (x86)\San Jose Sharks Toolbar\Helper.dll
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: San Jose Sharks Toolbar BHO: {6a0e14c3-9ebc-4d79-b9da-9c7d93fafccc} - C:\Program Files (x86)\San Jose Sharks Toolbar\Toolbar.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111011211005.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: DCA BHO: {b49699fc-1665-4414-a1cb-c4a2a4a13eec} - C:\Program Files (x86)\Common Files\FreeCause\DCA\dca-bho.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: San Jose Sharks Toolbar: {1c35e912-ebf4-4b63-9bd2-dee65d1220a9} - C:\Program Files (x86)\San Jose Sharks Toolbar\Toolbar.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
mRunOnce: [STToasterLauncher] C:\program files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
StartupFolder: C:\Users\COOCAB~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\VIDEOC~1.LNK - C:\Program Files (x86)\Common Files\Panasonic\VideoCam Suite AutoStart\VideoCamSuiteAutoStart.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{3BF81B56-9BAD-4D4F-938F-424534C24709} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{3BF81B56-9BAD-4D4F-938F-424534C24709}\461667560393 : DhcpNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs:
mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: San Jose Sharks Toolbar BHO: {6A0E14C3-9EBC-4D79-B9DA-9C7D93FAFCCC} - C:\Program Files (x86)\San Jose Sharks Toolbar\Toolbar.dll
BHO-X64: FCTBPos00Pos - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111011211005.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: DCA BHO: {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files (x86)\Common Files\FreeCause\DCA\dca-bho.dll
BHO-X64: DCA - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: San Jose Sharks Toolbar: {1C35E912-EBF4-4B63-9BD2-DEE65D1220A9} - C:\Program Files (x86)\San Jose Sharks Toolbar\Toolbar.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
mRunOnce-x64: [STToasterLauncher] C:\program files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
AppInit_DLLs-X64:
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\coocabarra2\AppData\Roaming\Mozilla\Firefox\Profiles\7u3nc8oj.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\NOS\bin\np_gp.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\coocabarra2\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 dlcx_device;dlcx_device;C:\Windows\system32\dlcxcoms.exe -service --> C:\Windows\system32\dlcxcoms.exe -service [?]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-8-14 249936]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-8-14 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-8-14 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-8-14 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2010-6-30 199008]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2010-6-30 208272]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-6-30 158832]
R2 MotoConnect Service;MotoConnect Service;C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2010-8-2 91456]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-1-18 656624]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 0294191318433691mcinstcleanup;McAfee Application Installer Cleanup (0294191318433691);C:\Windows\TEMP\029419~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> C:\Windows\TEMP\029419~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-12 135664]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-10-13 1153368]
S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\system32\DRIVERS\motfilt.sys --> C:\Windows\system32\DRIVERS\motfilt.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-12 135664]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\system32\DRIVERS\motccgp.sys --> C:\Windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;C:\Windows\system32\DRIVERS\motccgpfl.sys --> C:\Windows\system32\DRIVERS\motccgpfl.sys [?]
S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\system32\DRIVERS\Motousbnet.sys --> C:\Windows\system32\DRIVERS\Motousbnet.sys [?]
S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\system32\DRIVERS\motusbdevice.sys --> C:\Windows\system32\DRIVERS\motusbdevice.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
.reg=Regedit.Document
.
=============== Created Last 30 ================
.
2011-10-14 02:33:01 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-10-14 02:33:01 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-10-13 19:48:36 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AA8F99B7-3F4C-4C8D-AF79-64C881C85515}\offreg.dll
2011-10-13 19:48:32 9049936 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AA8F99B7-3F4C-4C8D-AF79-64C881C85515}\mpengine.dll
2011-10-12 06:54:52 601424 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-10-12 06:54:41 917840 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AD68C550-8EE2-4C03-8F89-1FC3B42A8B16}\gapaengine.dll
2011-10-10 21:24:12 9049936 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-09 18:47:19 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2011-10-09 18:47:07 -------- d-----w- C:\Program Files\Microsoft Security Client
2011-10-07 17:32:58 9049936 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7E6359B5-58C3-4685-BC31-81840F28C908}\mpengine.dll
2011-10-02 01:22:20 -------- d-----w- C:\Users\coocabarra2\AppData\Local\{D8AA8F58-2A79-4CBD-95E5-3CB19CCB7651}
2011-10-02 01:22:07 -------- d-----w- C:\Users\coocabarra2\AppData\Local\{57C09A6B-AAD7-46B1-9351-66BD84CE2219}
2011-09-23 05:16:22 -------- d-----w- C:\Users\coocabarra2\AppData\Local\{C80045FE-10E4-4137-A1FD-340AE3DD9F51}
2011-09-23 05:16:10 -------- d-----w- C:\Users\coocabarra2\AppData\Local\{210B3AF2-79E3-428F-A37D-FD68470C1240}
2011-09-22 17:16:10 -------- d-----w- C:\Users\coocabarra2\AppData\Local\{9BC1AAB9-8A1A-4329-AA0A-4311315BB325}
2011-09-21 22:10:35 28504 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ScriptFF.dll
2011-09-21 06:10:07 -------- d-----w- C:\Users\coocabarra2\AppData\Local\Blockbuster
2011-09-21 05:48:46 -------- d-----w- C:\ProgramData\Movielink
2011-09-21 05:48:40 -------- d-----w- C:\Program Files (x86)\Blockbuster
2011-09-18 04:35:24 -------- d-----w- C:\Users\coocabarra2\AppData\Local\{5E020467-145D-450A-A5DC-B480731AC7F6}
2011-09-14 23:48:46 -------- d-----w- C:\Users\coocabarra2\AppData\Local\{24DD2553-47A9-4B3F-88EF-C5F0C680EF05}
2011-09-14 23:48:20 -------- d-----w- C:\Users\coocabarra2\AppData\Local\{E27C6CDB-C351-46FD-964B-B2D57C517B5A}
.
==================== Find3M ====================
.
2011-10-14 01:55:01 17920 ----a-w- C:\Windows\System32\rpcnetp.exe
2011-10-12 15:19:18 58288 ----a-w- C:\Windows\SysWow64\rpcnet.dll
2011-10-08 02:11:53 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-06 02:11:40 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.dll
2011-09-06 02:11:17 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.exe
2011-09-01 00:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-08-15 17:00:06 9984 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2011-08-15 17:00:06 75672 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys
2011-08-15 17:00:06 65128 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2011-08-15 17:00:06 642824 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2011-08-15 17:00:06 481504 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2011-08-15 17:00:06 283744 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2011-08-15 17:00:06 228752 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2011-08-15 17:00:06 158584 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
2011-08-15 17:00:06 100904 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
2011-07-22 05:22:26 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-07-22 04:54:18 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-07-19 12:05:24 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
.
============= FINISH: 21:19:02.79 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 6/10/2010 10:45:34 PM
System Uptime: 10/13/2011 1:09:21 PM (8 hours ago)
.
Motherboard: Dell Inc. | | 0G848F
Processor: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz | Microprocessor | 2100/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 218 GiB total, 53.261 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP114: 9/13/2011 1:42:32 PM - Windows Update
RP115: 9/14/2011 3:01:48 AM - Windows Update
RP116: 9/18/2011 3:01:03 AM - Windows Update
RP117: 9/23/2011 10:18:19 PM - Windows Update
RP118: 9/27/2011 7:54:57 AM - Windows Update
RP119: 9/29/2011 3:00:57 AM - Windows Update
RP120: 10/4/2011 9:48:45 AM - Windows Update
RP121: 10/7/2011 10:32:26 AM - Windows Update
RP122: 10/10/2011 2:22:48 PM - Windows Update
RP123: 10/13/2011 7:16:28 PM - Installed Java(TM) 6 Update 27
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.4.5
Adobe Shockwave Player 11.5
Airport Mania 2: Wild Trips
Apple Application Support
Apple Software Update
Banctec Service Agreement
Big Fish Games: Game Manager
BitTorrent
BLOCKBUSTER Movielink
Burger Bustle
calibre
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Complete Care Consumer Service Agreement
ConvertXtoDVD 4.1.2.336
Cooking Dash
Cooking Dash - DinerTown Studios
Cooking Dash 3: Thrills and Spills Collector's Edition
Cozi
D3DX10
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Getting Started Guide
Diner Dash 5: Boom
Facebook Plug-In
Farm Mania
Farm Mania 2
Farm Mania: Hot Vacation
Feedback Tool
FrostWire 4.21.5
Google Chrome
Google Earth Plug-in
Google Update Helper
GoToAssist 8.0.0.514
Hobby Farm
Hotel Dash 2: Lost Luxuries
Hotel Dash: Suite Success
Java Auto Updater
Java(TM) 6 Update 27
Junk Mail filter update
LoJack for Laptops Notifier
Malwarebytes' Anti-Malware version 1.51.2.1300
McAfee SecurityCenter
Mesh Runtime
Messenger Companion
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MotoConnect
Mozilla Firefox 7.0.1 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Oasis
Pioneer Lands
PowerDVD DX
QuickTime
Registry Life version 1.26
Roads of Rome II
Roxio Burn
San Jose Sharks Toolbar
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft Office Excel 2007 (KB2553073)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
SimpleOCR 3.1
Soap Opera Dash
Spybot - Search & Destroy
Supermarket Mania ® 2
Top Chef
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Veetle TV 0.9.18
VideoCam Suite 3.0
Wedding Dash
Wedding Dash 4-Ever
Wedding Dash: Ready, Aim, Love
WildTangent Games
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
10/9/2011 12:49:54 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
10/9/2011 11:48:52 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
10/9/2011 11:48:46 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
10/9/2011 11:48:46 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
10/9/2011 11:48:46 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
10/9/2011 11:48:46 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
10/9/2011 11:48:46 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
10/9/2011 11:48:41 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
10/9/2011 11:48:41 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
10/9/2011 11:48:41 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
10/9/2011 11:48:41 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
10/9/2011 11:48:41 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
10/9/2011 11:48:32 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
10/13/2011 12:44:56 PM, Error: Service Control Manager [7034] - The McAfee Scanner service terminated unexpectedly. It has done this 1 time(s).
10/13/2011 12:44:56 PM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
10/13/2011 12:43:05 PM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
10/13/2011 12:41:00 PM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
10/13/2011 12:37:05 PM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
10/12/2011 8:34:29 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WPDBusEnum service.
10/11/2011 11:55:05 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.113.1471.0).
10/11/2011 11:54:56 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.113.1445.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7702.0 Error code: 0x80070643 Error description: Fatal error during installation.
.
==== End Of File ===========================
 
Good Morning and Welcome To TechSpot. I can review the system for malware, but understand that there are many reasons for 'slow'. Although we might find malware, it may not be the cause.
----------------------------
Please read the following to continue:
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • Follow the order of the tasks I give you. Order is crucial in the cleaning process.
  • File sharing programs should be uninstalled or disabled during the cleaning process.
  • Observe these:
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs- except those I give you.
  • Please let me know if there is any change in the system.

If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
=====================================
For the error popup you're getting: do you have the Flash Block in Firefox? If yes, try disabling it and see if that resolves it.
=============================
You are running 2 antivirus programs. Please uninstall one of them. Reboot the computer when through.
AV: Microsoft Security Essentials
AV: McAfee Anti-Virus and Anti-Spyware

The errors show that Microsoft Antimalware [2001] has not been able to update, possibly because it is not the current version.
==============================
We will be removing some of the toolbars and browser helper objects that aren't needed and are sometimes bundled with adware or spyware.

You are also running many unneeded processes in the background. If they are set on the Startup Menu to start on boot, most will continue to run in the background- this can slow you down.
=============================
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Download Combofix from HERE or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once installed, you should see a blue screen prompt that says:
    The Recovery Console was successfully installed.
  • Click on Yes, to continue scanning for malware.
  • If Combofix asks you to update the program, allow it.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe & follow the prompts to run.
  • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
Re-enable your Antivirus software.

Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
====================================
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESETOnlineScan
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    [o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    [o] Double click on the ESET Smart Installer icon on your desktop.
  • Check 'Yes I accept terms of use.'
  • Click Start button
  • Accept any security warnings from your browser.
  • Uncheck 'Remove found threats'
  • Check 'Scan archives'
  • Leave remaining settings as is.
  • Press the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  • When the scan completes, press List of found threats
  • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  • Push the Back button
  • Push Finish

Please post the entire log with heading resembling this:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=1

NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
==================================
Please tell me how much RAM is installed.
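
The triage applied to the logs in this thread (repeated Microsoft Antimalware [2001] update failures, crashing services, two antivirus products) can be reproduced by grouping the Event Viewer lines and reading the product header lines. This is an added example, not part of the original posts; the sample lines are constructed in the layout of the logs above, and the function names, product states and GUIDs are assumptions for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the layout of the "Event Viewer Messages" section
# (messages shortened; sources, event IDs and codes follow the thread's log).
SAMPLE_EVENTS = """\
.
10/9/2011 12:49:54 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
10/9/2011 11:48:52 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. Update Source: Microsoft Update Server Signature Type: AntiVirus Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates.
10/9/2011 11:48:46 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. Update Source: Microsoft Malware Protection Center Signature Type: AntiVirus Error code: 0x80072ee7 Error description: The server name or address could not be resolved
10/9/2011 11:48:46 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. Update Source: Microsoft Malware Protection Center Signature Type: AntiSpyware Error code: 0x80072ee7 Error description: The server name or address could not be resolved
10/13/2011 12:44:56 PM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 4 time(s).
10/13/2011 12:43:05 PM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 3 time(s).
10/11/2011 11:55:05 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.113.1471.0).
"""

# Constructed product lines in the "AV:/FW:/SP:" header layout used by the
# ComboFix log; the states and GUIDs here are placeholders, not real values.
SAMPLE_PRODUCTS = """\
AV: Microsoft Security Essentials *Enabled/Updated* {00000000-0000-0000-0000-000000000001}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {00000000-0000-0000-0000-000000000002}
FW: McAfee Firewall *Enabled* {00000000-0000-0000-0000-000000000003}
"""

EVENT_RE = re.compile(
    r"^(\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), (\w+): (.+?) \[(\d+)\] - (.*)$"
)
CODE_RE = re.compile(r"\b0x[0-9a-fA-F]{8}\b")            # HRESULT-style error code
SERVICE_RE = re.compile(r"(?:The|from the) (.+?) service\b")
PRODUCT_RE = re.compile(r"^(AV|SP|FW): (.+?) \*([^*]+)\* \{[0-9A-Fa-f-]+\}$")


def parse_events(text):
    """Parse event lines; skip separators such as '.' and section headers."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue
        ts, level, source, event_id, message = m.groups()
        code = CODE_RE.search(message)
        service = SERVICE_RE.search(message)
        # Prefer the error code as the grouping detail, else the service name.
        detail = code.group(0).lower() if code else (service.group(1) if service else "")
        events.append({
            "time": datetime.strptime(ts, "%m/%d/%Y %I:%M:%S %p"),
            "level": level,
            "source": source,
            "event_id": int(event_id),
            "detail": detail,
        })
    return events


def summarize(events):
    """Group by (source, event ID, detail) with a count and first/last seen."""
    groups = defaultdict(lambda: {"count": 0, "first": None, "last": None})
    for ev in events:
        g = groups[(ev["source"], ev["event_id"], ev["detail"])]
        g["count"] += 1
        g["first"] = ev["time"] if g["first"] is None else min(g["first"], ev["time"])
        g["last"] = ev["time"] if g["last"] is None else max(g["last"], ev["time"])
    return dict(groups)


def enabled_antivirus(text):
    """Return the distinct AV products whose reported state starts with 'Enabled'."""
    names = set()
    for line in text.splitlines():
        m = PRODUCT_RE.match(line.strip())
        if m and m.group(1) == "AV" and m.group(3).startswith("Enabled"):
            names.add(m.group(2))
    return sorted(names)


if __name__ == "__main__":
    for key, g in sorted(summarize(parse_events(SAMPLE_EVENTS)).items(),
                         key=lambda kv: -kv[1]["count"]):
        print(f"{g['count']:>3}  {key[0]} [{key[1]}] {key[2]}  "
              f"{g['first']:%m/%d %H:%M} .. {g['last']:%m/%d %H:%M}")
    av = enabled_antivirus(SAMPLE_PRODUCTS)
    if len(av) > 1:
        print("More than one antivirus product enabled:", ", ".join(av))
```
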
 
Sorry it took me so long to respond back, but it has taken over 4 hours just to run Eset. I did run Eset and Combofix, and here's the logs from that- Also, the pop-ups are gone now, and I have 3.00gb of RAM. By the way, thanks for your help :)


ComboFix 11-10-14.02 - coocabarra2 10/14/2011 8:40.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3032.1652 [GMT -7:00]
Running from: c:\users\coocabarra2\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\_Setup.dll
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\20110314171814.log
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\_Default.tiz
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\AxInterop.ImageEnXLibrary_1.9000.0.0_L_75236aeec3d51fd0_MSIL.tiz
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\CFToolkit_4.1.0.0_a87e673e9ecb6e8e_MSIL.tiz
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\DROPPED_20100101190241.tiz
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\DROPPED_20100101190244.tiz
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\DROPPED_20100101190312.tiz
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\FreeOCR_2.1.0.8_L_075a6c69191ec1db_x86.tiz
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\Interop.ImageLibrary_1.9000.0.0_L_8cdfa8b955dbb1c7_MSIL.tiz
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\Interop.PDFAX0717_7.17.0.0_L_3d5fa783dbb69c0f_MSIL.tiz
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Setup.dat
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Setup.exe
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Setup.ico
c:\users\coocabarra2\AppData\Roaming\Install.dat
c:\users\coocabarra2\AppData\Roaming\vso_ts_preview.xml
.
.
((((((((((((((((((((((((( Files Created from 2011-09-14 to 2011-10-14 )))))))))))))))))))))))))))))))
.
.
2011-10-14 15:56 . 2011-10-14 15:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-14 15:26 . 2011-10-14 16:02 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7E6359B5-58C3-4685-BC31-81840F28C908}\offreg.dll
2011-10-14 02:33 . 2011-10-14 03:40 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-10-14 02:33 . 2011-10-14 02:33 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-10-14 02:18 . 2011-10-14 02:18 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-10-13 19:45 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys
2011-10-13 19:41 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-13 19:41 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-10-13 19:41 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-10-13 19:41 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-13 19:41 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-10-13 19:41 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-10-13 19:41 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-13 19:41 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-10-08 02:11 . 2011-10-08 02:11 -------- d-----w- c:\windows\system32\Macromed
2011-10-07 17:32 . 2011-09-13 00:26 9049936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7E6359B5-58C3-4685-BC31-81840F28C908}\mpengine.dll
2011-09-21 22:10 . 2011-10-06 23:42 28504 ----a-w- c:\program files (x86)\Mozilla Firefox\ScriptFF.dll
2011-09-21 06:10 . 2011-09-21 06:10 -------- d-----w- c:\users\coocabarra2\AppData\Local\Blockbuster
2011-09-21 05:48 . 2011-09-21 05:48 -------- d-----w- c:\programdata\Movielink
2011-09-21 05:48 . 2011-09-21 05:48 -------- d-----w- c:\program files (x86)\Blockbuster
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-14 16:10 . 2010-06-10 05:41 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2011-10-14 15:59 . 2010-06-11 05:59 58288 ----a-w- c:\windows\SysWow64\rpcnet.dll
2011-10-08 02:11 . 2011-05-22 00:55 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-06 02:11 . 2010-06-10 05:43 17920 ----a-w- c:\windows\SysWow64\rpcnetp.dll
2011-09-06 02:11 . 2010-06-10 05:41 17920 ----a-w- c:\windows\SysWow64\rpcnetp.exe
2011-09-01 00:00 . 2011-01-30 22:43 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-15 17:00 . 2010-06-30 22:44 9984 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-08-15 17:00 . 2010-06-30 22:44 75672 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-08-15 17:00 . 2010-06-30 22:44 65128 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-08-15 17:00 . 2010-06-30 22:44 481504 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-08-15 17:00 . 2010-06-30 22:44 283744 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-08-15 17:00 . 2010-06-30 22:44 228752 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-08-15 17:00 . 2010-06-30 22:44 100904 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-08-15 17:00 . 2010-04-14 19:50 642824 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-08-15 17:00 . 2010-04-14 19:50 158584 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-07-19 12:05 . 2010-08-25 23:56 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ae8b2b68-78f5-45bf-a730-6b1744811060}"= "c:\program files (x86)\San Jose Sharks Toolbar\Helper.dll" [2011-03-28 357376]
.
[HKEY_CLASSES_ROOT\clsid\{ae8b2b68-78f5-45bf-a730-6b1744811060}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{B1D0F144-239D-4D5A-8262-673BF8E94E89}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6A0E14C3-9EBC-4D79-B9DA-9C7D93FAFCCC}]
2011-03-28 15:39 1538048 ----a-w- c:\program files (x86)\San Jose Sharks Toolbar\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{1C35E912-EBF4-4B63-9BD2-DEE65D1220A9}"= "c:\program files (x86)\San Jose Sharks Toolbar\Toolbar.dll" [2011-03-28 1538048]
.
[HKEY_CLASSES_ROOT\clsid\{1c35e912-ebf4-4b63-9bd2-dee65d1220a9}]
[HKEY_CLASSES_ROOT\FCTB000059881.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{E7283C21-C8E6-4B59-8DB8-32C3FA72ADA8}]
[HKEY_CLASSES_ROOT\FCTB000059881.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-09-11 1779952]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-17 1674896]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2009-09-17 165104]
.
c:\users\coocabarra2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
VideoCam Suite.lnk - c:\program files (x86)\Common Files\Panasonic\VideoCam Suite AutoStart\VideoCamSuiteAutoStart.exe [2010-7-29 349600]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-12 135664]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-12 135664]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe [2006-10-12 561152]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-08-19 208272]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-08-19 158832]
S2 MotoConnect Service;MotoConnect Service;c:\program files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2010-06-24 91456]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2009-09-17 656624]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-12 07:03]
.
2011-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-12 07:03]
.
2011-10-12 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09]
.
2011-10-14 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-06 384296]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-30 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-30 365080]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"MemoryCardManager"="c:\program files (x86)\Dell Photo AIO Printer 926\memcard.exe" [2006-11-04 304008]
"DLCXCATS"="c:\windows\system32\spool\DRIVERS\x64\3\DLCXtime.dll" [2006-10-16 31744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\coocabarra2\AppData\Roaming\Mozilla\Firefox\Profiles\7u3nc8oj.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
.
.
------- File Associations -------
.
.reg=Regedit.Document
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
WebBrowser-{1C35E912-EBF4-4B63-9BD2-DEE65D1220A9} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-BFG-Wedding Dash - Ready, Aim, Love - c:\program files (x86)\Wedding Dash - Ready
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1669252175-1901661260-3532343193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1669252175-1901661260-3532343193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\bgsvcgen.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Blockbuster\BLOCKBUSTERMovielink\MovielinkCore.exe
c:\windows\SysWOW64\rpcnet.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
.
**************************************************************************
.
Completion time: 2011-10-14 09:25:00 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-14 16:24
.
Pre-Run: 58,536,112,128 bytes free
Post-Run: 58,808,442,880 bytes free
.
- - End Of File - - 242E7F7EC003688B4ED00BC2A557BAED



This is what was in my Eset log:


C:\Users\coocabarra2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\3b21782c-604b89db Java/Agent.AZ trojan
C:\Users\coocabarra2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\24c80fb0-19a46517 multiple threats
C:\Users\coocabarra2\Downloads\SoftonicDownloader_for_frostwire.exe a variant of Win32/SoftonicDownloader.A application
 
Something you should know: there are 14 entries for the following loading from the Registry:

1. FCToolbarURLSearchHook.1/San Jose Sharks Toolbar/FreeCause
San Jose Sharks Toolbar - a Softomate/Besttoolbars Toolbar variant - Softomate customizes toolbars to customers' needs. The dll files for their toolbars contain some spyware/adware functionality, although not all of the toolbars use this. Your choice.
----------------------------
2. You are also running a marketing tool: C:\Program Files (x86)\Common Files\FreeCause\DCA\dca-bho.dll

3. You also have Facemoods set as your Search Assistant: facemoods comes bundled with third party software: Supports the free Facemoods add-on for Facebook Chat that "gives you a huge collection of smileys, winks, text effects and more!" (most surely a huge collection of malware also!) and once loaded it exits. Note - if you install using the default options it will make facemoods.com the default home page, search provider and "new tab" page for your browser.

4. Downloads hosted at Softonic can be preceded by a customized installer called "Softonic Downloader", which shows "commercial offers, such as the Softonic Toolbar". One of the infected files in Eset is the Softonic Downloader. It looks like it was from Frostwire, a file sharing site... Frostwire is an alternative to Limewire, which is not a recommendation!

My recommendation is that we remove them.
===================================================
Please download OTMoveIt by Old Timer and save to your desktop.
  • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveIt3.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    Code:
    :Files  
    C:\Users\coocabarra2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\3b21 782c-604b89db 
    C:\Users\coocabarra2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\24c8 0fb0-19a46517 
    C:\Users\coocabarra2\Downloads\SoftonicDownloader_for_frostwire.exe 
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
===========================================
Right now, your system is like a big magnet for malware! I have a script set up for you to run through Combofix to remove the entries I listed above. Do you want to remove them?
 
Yes, I would love to remove them! I will run the script as soon as you give it to me. Here is the log from OTM:



All processes killed
========== FILES ==========
File/Folder C:\Users\coocabarra2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\3b21 782c-604b89db not found.
File/Folder C:\Users\coocabarra2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\24c8 0fb0-19a46517 not found.
C:\Users\coocabarra2\Downloads\SoftonicDownloader_for_frostwire.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: coocabarra2
->Temp folder emptied: 576978 bytes
->Temporary Internet Files folder emptied: 315803632 bytes
->Java cache emptied: 15336694 bytes
->FireFox cache emptied: 104480164 bytes
->Google Chrome cache emptied: 6580261 bytes
->Flash cache emptied: 2704 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6778 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 71696 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 422.00 mb


OTM by OldTimer - Version 3.1.19.0 log created on 10162011_093553

Files moved on Reboot...
C:\Users\coocabarra2\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\temp\mcafee_Hq5vN1TrayVNLsL moved successfully.

Registry entries deleted on Reboot...
 
Okay then:


Please run this Custom CFScript:

  • [1]. Close any open browsers.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
Code:
KillAll::
File::
c:\users\Default\AppData\Local\temp
DDS::
mSearchAssistant = hxxp://start.facemoods.com/?a=antn&s={searchTerms}&f=4
uURLSearchHooks: FCToolbarURLSearchHook Class: {ae8b2b68-78f5-45bf-a730-6b1744811060} - C:\Program Files (x86)\San Jose Sharks Toolbar\Helper.dll
uURLSearchHooks: H - No File
BHO: San Jose Sharks Toolbar BHO: {6a0e14c3-9ebc-4d79-b9da-9c7d93fafccc} - C:\Program Files (x86)\San Jose Sharks Toolbar\Toolbar.dll
BHO: DCA BHO: {b49699fc-1665-4414-a1cb-c4a2a4a13eec} - C:\Program Files (x86)\Common Files\FreeCause\DCA\dca-bho.dll
TB: San Jose Sharks Toolbar: {1c35e912-ebf4-4b63-9bd2-dee65d1220a9} - C:\Program Files (x86)\San Jose Sharks Toolbar\Toolbar.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
BHO-X64: DCA BHO: {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files (x86)\Common Files\FreeCause\DCA\dca-bho.dll
BHO-X64: DCA - No File
TB-X64: San Jose Sharks Toolbar: {1C35E912-EBF4-4B63-9BD2-DEE65D1220A9} - C:\Program Files (x86)\San Jose Sharks Toolbar\Toolbar.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ae8b2b68-78f5-45bf-a730-6b1744811060}"=--
[HKEY_CLASSES_ROOT\clsid\{ae8b2b68-78f5-45bf-a730-6b1744811060}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{B1D0F144-239D-4D5A-8262-673BF8E94E89}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6A0E14C3-9EBC-4D79-B9DA-9C7D93FAFCCC}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{1C35E912-EBF4-4B63-9BD2-DEE65D1220A9}"=-
[HKEY_CLASSES_ROOT\clsid\{1c35e912-ebf4-4b63-9bd2-dee65d1220a9}]
[HKEY_CLASSES_ROOT\FCTB000059881.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{E7283C21-C8E6-4B59-8DB8-32C3FA72ADA8}]
[HKEY_CLASSES_ROOT\FCTB000059881.IEToolbar]
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
====================
Boot into Safe Mode
  • Restart your computer and start pressing the F8 key on your keyboard.
  • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

  • Click on the Windows 7 start icon in the bottom left corner of your screen.
  • Type MSCONFIG in the search box> press enter or double-click on the MSCONFIG program that appears in the search results.
    msconfig_win7_2.gif
  • Click on Selective Startup
  • Click on the Startup tab. You will now see the System Msconfig Utility
    msconfig_win7_4.gif


    In Windows 7, almost all of Windows' essential programs are loaded through Windows Services. So most of the startup items you see here are optional and can be turned off.
    Important! When in doubt, leave it on, or use a Startup database to identify a process you are not sure of.
  • Uncheck any of the following entries:
    San Jose Sharks Toolbar
    FreeCause
    Facemoods
    .
  • When finished> click on OK
    Reboot the computer.
  • When you see this message come up: Check 'don't show this message again'>
  • Click on 'Exit without restart'.
msconfig_win7_5.gif

Images courtesy NetSquirrel
----------------------------------------
Uninstall / Change / Repair Programs and Features in Windows 7

Click on Start> Control Panel> Programs and Features> Click View installed updates in the left pane> Select the following from the list and the Uninstall button will appear> Click Uninstall for each> Click Yes to confirm.
San Jose Sharks Toolbar
FreeCause
Facemoods
.
Exit the Control Panel

Using Windows Explorer (Windows key + E) click on Computer> Double click on Local Drive(C)> Programs> Look for the folder for each program you uninstalled> Do a right click> Delete on each.
Exit Windows Explorer.

Reboot back into Normal Mode.
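
Added example (not part of the original posts, and not code from DDS or ComboFix): a small Python triage of the browser add-on lines quoted in the `DDS::` section of the CFScript above. It folds the differently-cased CLSIDs together, lists the "No File" orphans, and derives the install folders to check after uninstalling. The line grammar (`kind: name: {CLSID} - target`) is inferred from those lines only and is an assumption.

```python
import ntpath
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Sample input: the add-on lines from the CFScript's DDS:: section on this page.
SAMPLE = r"""
uURLSearchHooks: FCToolbarURLSearchHook Class: {ae8b2b68-78f5-45bf-a730-6b1744811060} - C:\Program Files (x86)\San Jose Sharks Toolbar\Helper.dll
uURLSearchHooks: H - No File
BHO: San Jose Sharks Toolbar BHO: {6a0e14c3-9ebc-4d79-b9da-9c7d93fafccc} - C:\Program Files (x86)\San Jose Sharks Toolbar\Toolbar.dll
BHO: DCA BHO: {b49699fc-1665-4414-a1cb-c4a2a4a13eec} - C:\Program Files (x86)\Common Files\FreeCause\DCA\dca-bho.dll
TB: San Jose Sharks Toolbar: {1c35e912-ebf4-4b63-9bd2-dee65d1220a9} - C:\Program Files (x86)\San Jose Sharks Toolbar\Toolbar.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
BHO-X64: DCA BHO: {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files (x86)\Common Files\FreeCause\DCA\dca-bho.dll
BHO-X64: DCA - No File
TB-X64: San Jose Sharks Toolbar: {1C35E912-EBF4-4B63-9BD2-DEE65D1220A9} - C:\Program Files (x86)\San Jose Sharks Toolbar\Toolbar.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
"""

# Assumed grammar: "<kind>: <name and/or CLSID> - <path | No File>".
# The first " - " ends the name part, so a name that itself contains " - "
# would be split too early; none of the lines on this page do.
LINE_RE = re.compile(r"^(?P<kind>[A-Za-z0-9-]+):\s+(?P<rest>.*?)\s+-\s+(?P<target>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass(frozen=True)
class Entry:
    kind: str             # e.g. "BHO", "TB-X64", "uURLSearchHooks"
    name: str             # display name, may be empty
    clsid: Optional[str]  # lower-cased so both registry views compare equal
    path: Optional[str]   # None when the log says "No File"

    @property
    def orphan(self) -> bool:
        """Registry entry whose file is already gone."""
        return self.path is None


def parse_line(line: str) -> Optional[Entry]:
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    found = CLSID_RE.search(rest)
    clsid = found.group(0).lower() if found else None
    name = CLSID_RE.sub("", rest).strip().rstrip(":").strip()
    target = m.group("target").strip()
    path = None if target.lower() == "no file" else target
    return Entry(m.group("kind"), name, clsid, path)


def parse_log(text: str) -> list:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def summarize(entries: list) -> dict:
    by_clsid = defaultdict(set)
    for e in entries:
        if e.clsid:
            by_clsid[e.clsid].add(e.kind)
    orphans = [e for e in entries if e.orphan]
    # ntpath parses Windows paths correctly on any host OS.
    folders = sorted({ntpath.dirname(e.path).lower() for e in entries if e.path})
    return {"by_clsid": dict(by_clsid), "orphans": orphans, "folders": folders}


if __name__ == "__main__":
    report = summarize(parse_log(SAMPLE))
    for clsid, kinds in sorted(report["by_clsid"].items()):
        print(clsid, "registered as", ", ".join(sorted(kinds)))
    print("orphaned entries:", len(report["orphans"]))
    print("folders to check after uninstall:")
    for folder in report["folders"]:
        print("  ", folder)
```
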
 
I was able to delete the 3 programs from my computer successfully. Here is the log from combofix: Please let me know if I need to do anything else. Thanks!!!



ComboFix 11-10-17.02 - coocabarra2 10/18/2011 8:38.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3032.1790 [GMT -7:00]
Running from: c:\users\coocabarra2\Desktop\ComboFix.exe
Command switches used :: c:\users\coocabarra2\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Default\AppData\Local\temp"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\program files (x86)\Common Files\FreeCause\DCA\dca-bho.dll
c:\program files (x86)\San Jose Sharks Toolbar\Toolbar.dll
c:\programdata\PCDr\5830\Downloads\0fc909b5-f105-4459-82f3-583c6ea5d734.dll
c:\programdata\PCDr\5830\Downloads\482517d4-aaa6-47f8-a7ad-de5cf6021ac2.dll
c:\programdata\PCDr\5830\Downloads\ca1d3e50-4692-4c3f-877c-4f9917ab37a5.dll
c:\programdata\PCDr\5830\Downloads\f9dc840b-c6f7-42a5-acec-50cc7a2827fd.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-09-18 to 2011-10-18 )))))))))))))))))))))))))))))))
.
.
2011-10-18 15:54 . 2011-10-18 15:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-16 16:35 . 2011-10-16 16:35 -------- d-----w- C:\_OTM
2011-10-15 05:20 . 2011-10-18 16:00 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2E231D7D-D12D-4C9C-8424-304FC5018D2F}\offreg.dll
2011-10-15 05:20 . 2011-09-13 00:26 9049936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2E231D7D-D12D-4C9C-8424-304FC5018D2F}\mpengine.dll
2011-10-14 17:00 . 2011-10-14 17:00 -------- d-----w- c:\program files (x86)\ESET
2011-10-14 02:33 . 2011-10-18 15:32 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-10-14 02:33 . 2011-10-18 15:30 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-10-14 02:18 . 2011-10-14 02:18 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-10-13 19:45 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys
2011-10-13 19:41 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-13 19:41 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-10-13 19:41 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-10-13 19:41 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-13 19:41 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-10-13 19:41 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-10-13 19:41 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-13 19:41 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-10-08 02:11 . 2011-10-08 02:11 -------- d-----w- c:\windows\system32\Macromed
2011-09-21 22:10 . 2011-10-06 23:42 28504 ----a-w- c:\program files (x86)\Mozilla Firefox\ScriptFF.dll
2011-09-21 06:10 . 2011-09-21 06:10 -------- d-----w- c:\users\coocabarra2\AppData\Local\Blockbuster
2011-09-21 05:48 . 2011-09-21 05:48 -------- d-----w- c:\programdata\Movielink
2011-09-21 05:48 . 2011-09-21 05:48 -------- d-----w- c:\program files (x86)\Blockbuster
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-18 15:56 . 2010-06-10 05:41 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2011-10-18 15:56 . 2010-06-11 05:59 58288 ----a-w- c:\windows\SysWow64\rpcnet.dll
2011-10-08 02:11 . 2011-05-22 00:55 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-06 02:11 . 2010-06-10 05:43 17920 ----a-w- c:\windows\SysWow64\rpcnetp.dll
2011-09-06 02:11 . 2010-06-10 05:41 17920 ----a-w- c:\windows\SysWow64\rpcnetp.exe
2011-09-01 00:00 . 2011-01-30 22:43 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-15 17:00 . 2010-06-30 22:44 9984 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-08-15 17:00 . 2010-06-30 22:44 75672 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-08-15 17:00 . 2010-06-30 22:44 65128 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-08-15 17:00 . 2010-06-30 22:44 481504 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-08-15 17:00 . 2010-06-30 22:44 283744 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-08-15 17:00 . 2010-06-30 22:44 228752 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-08-15 17:00 . 2010-06-30 22:44 100904 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-08-15 17:00 . 2010-04-14 19:50 642824 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-08-15 17:00 . 2010-04-14 19:50 158584 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-14_15.59.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 05:10 . 2011-10-18 15:58 39020 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-06-30 22:34 . 2011-10-18 15:58 12138 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1669252175-1901661260-3532343193-1001_UserData.bin
- 2010-06-10 05:42 . 2011-10-14 15:46 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-06-10 05:42 . 2011-10-18 15:33 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-06-10 05:42 . 2011-10-18 15:33 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-06-10 05:42 . 2011-10-14 15:46 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-10-14 15:46 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-10-18 15:33 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-06-11 05:53 . 2011-10-14 15:32 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-06-11 05:53 . 2011-10-18 00:28 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-06-11 05:53 . 2011-10-18 00:28 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-06-11 05:53 . 2011-10-14 15:32 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-06-11 05:53 . 2011-10-18 00:28 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-06-11 05:53 . 2011-10-14 15:32 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-06-11 05:53 . 2011-10-14 15:32 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-06-11 05:53 . 2011-10-18 15:32 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-06-11 05:53 . 2011-10-14 15:32 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-06-11 05:53 . 2011-10-18 15:32 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-10-14 15:58 . 2011-10-14 15:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-10-18 15:56 . 2011-10-18 15:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-10-18 15:56 . 2011-10-18 15:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-10-14 15:58 . 2011-10-14 15:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-06-23 03:15 . 2011-10-18 15:28 239764 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2010-06-11 16:40 . 2011-10-18 04:29 280276 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2010-06-13 10:27 . 2011-10-14 10:35 857624 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-06-13 10:27 . 2011-10-17 21:28 857624 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-14 05:01 . 2011-10-18 15:55 275068 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-10-14 15:57 275068 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2010-10-31 16:44 . 2011-10-14 15:57 1819304 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1669252175-1901661260-3532343193-1001-8192.dat
+ 2010-10-31 16:44 . 2011-10-18 15:55 1819304 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1669252175-1901661260-3532343193-1001-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ae8b2b68-78f5-45bf-a730-6b1744811060}"= "c:\program files (x86)\San Jose Sharks Toolbar\Helper.dll" [2011-03-28 357376]
.
[HKEY_CLASSES_ROOT\clsid\{ae8b2b68-78f5-45bf-a730-6b1744811060}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{B1D0F144-239D-4D5A-8262-673BF8E94E89}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-09-11 1779952]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-17 1674896]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2009-09-17 165104]
.
c:\users\coocabarra2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
VideoCam Suite.lnk - c:\program files (x86)\Common Files\Panasonic\VideoCam Suite AutoStart\VideoCamSuiteAutoStart.exe [2010-7-29 349600]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-12 135664]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-12 135664]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe [2006-10-12 561152]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-08-19 208272]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-08-19 158832]
S2 MotoConnect Service;MotoConnect Service;c:\program files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2010-06-24 91456]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2009-09-17 656624]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-12 07:03]
.
2011-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-12 07:03]
.
2011-10-12 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09]
.
2011-10-18 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-06 384296]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-30 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-30 365080]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"MemoryCardManager"="c:\program files (x86)\Dell Photo AIO Printer 926\memcard.exe" [2006-11-04 304008]
"DLCXCATS"="c:\windows\system32\spool\DRIVERS\x64\3\DLCXtime.dll" [2006-10-16 31744]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\coocabarra2\AppData\Roaming\Mozilla\Firefox\Profiles\7u3nc8oj.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1669252175-1901661260-3532343193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1669252175-1901661260-3532343193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\bgsvcgen.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Blockbuster\BLOCKBUSTERMovielink\MovielinkCore.exe
c:\windows\SysWOW64\rpcnet.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
c:\program files (x86)\Motorola\MotoConnectService\MotoConnect.exe
c:\program files (x86)\Absolute Software\LoJack for Laptops notifier\LoJackNotifier.exe
.
**************************************************************************
.
Completion time: 2011-10-18 09:18:21 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-18 16:18
ComboFix2.txt 2011-10-14 16:25
.
Pre-Run: 58,201,894,912 bytes free
Post-Run: 58,153,881,600 bytes free
.
- - End Of File - - FCFB4C3CFB5828F7EA75CD13D7476404
 
Glad to help! My internet was down all yesterday. Trying to catch up.

Please run this Custom CFScript:

  [1]. Close any open browsers.
  [2]. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  [3]. Open Notepad > click on Format > uncheck 'Word Wrap' > and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
Code:
File::
DDS::
mSearchAssistant = hxxp://start.facemoods.com/?a=antn&s={searchTerms}&f=4
uURLSearchHooks: FCToolbarURLSearchHook Class: {ae8b2b68-78f5-45bf-a730-6b1744811060} - C:\Program Files (x86)\San Jose Sharks Toolbar\Helper.dll
uURLSearchHooks: H - No File
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ae8b2b68-78f5-45bf-a730-6b1744811060}"=-.
[HKEY_CLASSES_ROOT\clsid\{ae8b2b68-78f5-45bf-a730-6b1744811060}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{B1D0F144-239D-4D5A-8262-673BF8E94E89}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

Save this as CFScript.txt, in the same location as ComboFix.exe.

[Image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt. Please paste it in your next reply.
====================
Reboot the computer when through.
Download HijackThis http://download.bleepingcomputer.com/hijackthis/HijackThis.zip and save to your desktop.
  • Extract it to a directory on your hard drive called c:\HijackThis.
  • Then navigate to that directory and double-click on the hijackthis.exe file.
  • When started click on the Scan button and then the Save Log button to create a log of your information.
  • The log file will be saved and then the log will open in Notepad. Be sure to click on Format > uncheck Word Wrap when you open Notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

Hopefully we got all the bad entries.
 
Here are the logs from Combofix and HijackThis: Please let me know what I need to do next, and as always, thank you for your help :)




ComboFix 11-10-17.02 - coocabarra2 10/21/2011 13:19:38.4.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3032.1973 [GMT -7:00]
Running from: c:\users\coocabarra2\Desktop\ComboFix.exe
Command switches used :: c:\users\coocabarra2\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\5907\Downloads\0fc909b5-f105-4459-82f3-583c6ea5d734.dll
c:\programdata\PCDr\5907\Downloads\16837627-a839-41c5-a88f-3a0335128383.dll
c:\programdata\PCDr\5907\Downloads\482517d4-aaa6-47f8-a7ad-de5cf6021ac2.dll
c:\programdata\PCDr\5907\Downloads\f9dc840b-c6f7-42a5-acec-50cc7a2827fd.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-09-21 to 2011-10-21 )))))))))))))))))))))))))))))))
.
.
2011-10-21 20:42 . 2011-10-21 20:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-18 17:37 . 2011-10-21 20:48 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C299E7D9-B642-42BF-9A32-6E65910082C3}\offreg.dll
2011-10-18 17:05 . 2011-09-13 00:26 9049936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C299E7D9-B642-42BF-9A32-6E65910082C3}\mpengine.dll
2011-10-16 16:35 . 2011-10-16 16:35 -------- d-----w- C:\_OTM
2011-10-14 17:00 . 2011-10-14 17:00 -------- d-----w- c:\program files (x86)\ESET
2011-10-14 02:33 . 2011-10-18 15:32 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-10-14 02:18 . 2011-10-14 02:18 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-10-13 19:45 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys
2011-10-13 19:41 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-13 19:41 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-10-13 19:41 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-10-13 19:41 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-13 19:41 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-10-13 19:41 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-10-13 19:41 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-13 19:41 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-10-08 02:11 . 2011-10-08 02:11 -------- d-----w- c:\windows\system32\Macromed
2011-09-21 22:10 . 2011-10-06 23:42 28504 ----a-w- c:\program files (x86)\Mozilla Firefox\ScriptFF.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-21 20:44 . 2010-06-10 05:41 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2011-10-21 20:44 . 2010-06-11 05:59 58288 ----a-w- c:\windows\SysWow64\rpcnet.dll
2011-10-18 17:34 . 2010-06-10 05:43 17920 ----a-w- c:\windows\SysWow64\rpcnetp.dll
2011-10-18 17:34 . 2010-06-10 05:41 17920 ----a-w- c:\windows\SysWow64\rpcnetp.exe
2011-10-08 02:11 . 2011-05-22 00:55 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-01 00:00 . 2011-01-30 22:43 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-15 17:00 . 2010-06-30 22:44 9984 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-08-15 17:00 . 2010-06-30 22:44 75672 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-08-15 17:00 . 2010-06-30 22:44 65128 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-08-15 17:00 . 2010-06-30 22:44 481504 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-08-15 17:00 . 2010-06-30 22:44 283744 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-08-15 17:00 . 2010-06-30 22:44 228752 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-08-15 17:00 . 2010-06-30 22:44 100904 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-08-15 17:00 . 2010-04-14 19:50 642824 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-08-15 17:00 . 2010-04-14 19:50 158584 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-14_15.59.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-18 23:39 . 2011-10-18 17:36 43178 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-10-21 20:46 39052 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-06-30 22:34 . 2011-10-21 20:46 12318 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1669252175-1901661260-3532343193-1001_UserData.bin
+ 2010-06-10 05:42 . 2011-10-21 15:39 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-06-10 05:42 . 2011-10-14 15:46 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-06-10 05:42 . 2011-10-21 15:39 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-06-10 05:42 . 2011-10-14 15:46 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-10-14 15:46 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-10-21 15:39 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-06-11 05:53 . 2011-10-14 15:32 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-06-11 05:53 . 2011-10-18 17:37 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-06-11 05:53 . 2011-10-18 17:37 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-06-11 05:53 . 2011-10-14 15:32 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-06-11 05:53 . 2011-10-14 15:32 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-06-11 05:53 . 2011-10-18 17:37 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-06-11 05:53 . 2011-10-21 20:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-06-11 05:53 . 2011-10-14 15:32 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-06-11 05:53 . 2011-10-21 20:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-06-11 05:53 . 2011-10-14 15:32 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-10-14 15:58 . 2011-10-14 15:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-10-21 20:44 . 2011-10-21 20:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-10-21 20:44 . 2011-10-21 20:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-10-14 15:58 . 2011-10-14 15:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-06-23 03:15 . 2011-10-19 04:57 239780 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2010-06-11 16:40 . 2011-10-21 20:38 280276 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2011-10-21 18:39 624408 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-10-21 18:39 106752 c:\windows\system32\perfc009.dat
- 2010-06-13 10:27 . 2011-10-14 10:35 857624 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-06-13 10:27 . 2011-10-21 20:43 857624 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-14 05:01 . 2011-10-21 20:43 275068 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-10-14 15:57 275068 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2010-10-31 16:44 . 2011-10-14 15:57 1819304 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1669252175-1901661260-3532343193-1001-8192.dat
+ 2010-10-31 16:44 . 2011-10-21 20:43 1819304 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1669252175-1901661260-3532343193-1001-8192.dat
+ 2011-10-06 20:32 . 2011-10-06 20:32 2844160 c:\windows\Installer\27bda8a.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-09-11 1779952]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-17 1674896]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2009-09-17 165104]
.
c:\users\coocabarra2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-12 135664]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-12 135664]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe [2006-10-12 561152]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-08-19 208272]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-08-19 158832]
S2 MotoConnect Service;MotoConnect Service;c:\program files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2010-06-24 91456]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2009-09-17 656624]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-12 07:03]
.
2011-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-12 07:03]
.
2011-10-21 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-10-06 20:32]
.
2011-10-21 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-10-06 20:32]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-06 384296]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-30 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-30 365080]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"MemoryCardManager"="c:\program files (x86)\Dell Photo AIO Printer 926\memcard.exe" [2006-11-04 304008]
"DLCXCATS"="c:\windows\system32\spool\DRIVERS\x64\3\DLCXtime.dll" [2006-10-16 31744]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\coocabarra2\AppData\Roaming\Mozilla\Firefox\Profiles\7u3nc8oj.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1669252175-1901661260-3532343193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1669252175-1901661260-3532343193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\bgsvcgen.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Blockbuster\BLOCKBUSTERMovielink\MovielinkCore.exe
c:\windows\SysWOW64\rpcnet.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
c:\program files (x86)\Motorola\MotoConnectService\MotoConnect.exe
c:\program files (x86)\Absolute Software\LoJack for Laptops notifier\LoJackNotifier.exe
.
**************************************************************************
.
Completion time: 2011-10-21 14:06:11 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-21 21:06
ComboFix2.txt 2011-10-18 16:18
ComboFix3.txt 2011-10-14 16:25
.
Pre-Run: 58,678,681,600 bytes free
Post-Run: 58,312,769,536 bytes free
.
- - End Of File - - 806E63F979B293354014E513911DBE27









Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:23:17 PM, on 10/21/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Dell Photo AIO Printer 926\memcard.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Absolute Software\LoJack for Laptops notifier\LoJackNotifier.exe
C:\Users\coocabarra2\Desktop\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111011211005.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\SysWOW64\bgsvcgen.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: dlcx_device - - C:\Windows\system32\dlcxcoms.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: MotoConnect Service - Unknown owner - C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe
O23 - Service: Movielink Core Service - Blockbuster - C:\Program Files (x86)\Blockbuster\BLOCKBUSTERMovielink\MovielinkCore.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\WINDOWS\SysWOW64\rpcnet.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12077 bytes
 
Okay, the logs look good. 2 entries in HJT to remove:

Please open HJT to 'do system scan only'. Check the following if present:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R3 - URLSearchHook: (no name) - - (no file)


Close all windows except HJT and click on Fix Checked.

Please give me an update on how the system is running.
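
A small triage pass over HijackThis lines like the ones in the log above, added here as an example; it is not part of the original thread or of HijackThis itself. The bucket names, and the treatment of System32 "(file missing)" services as a likely artifact of a 32-bit scanner on 64-bit Windows, are assumptions of this example.

```python
import re
from collections import defaultdict

# Sample input: a few entry lines taken from the HijackThis log above.
SAMPLE_LOG = r"""
Running processes:
C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
R3 - URLSearchHook: (no name) - - (no file)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
"""

# Entry lines start with a section code (R0-R3, O1-O23 ...) followed by " - ".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

def parse(log_text):
    """Yield (code, body) per entry line; headers and process paths are skipped."""
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group("code"), m.group("body")

def triage(log_text):
    """Group entries by the marker HijackThis printed at the end of the line."""
    buckets = defaultdict(list)
    for code, body in parse(log_text):
        if body.endswith("(no file)"):
            # Registry reference with no backing file: an orphaned entry.
            buckets["orphaned"].append((code, body))
        elif body.endswith("(file missing)"):
            # Assumption: a 32-bit scanner on 64-bit Windows has System32
            # redirected to SysWOW64, so native binaries can look missing.
            # Confirm on disk before acting on either bucket.
            in_sys32 = r"\windows\system32" + "\\" in body.lower()
            key = "missing_system32" if in_sys32 else "missing_other"
            buckets[key].append((code, body))
        else:
            buckets["resolved"].append((code, body))
    return dict(buckets)

if __name__ == "__main__":
    for bucket, entries in triage(SAMPLE_LOG).items():
        for code, body in entries:
            print(f"{bucket:17} {code:4} {body}")
```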
 
Okay, I "fixed" those 2 entries. The system has been great so far since we started to fix things. Thanks again, so much, for your help! If everything is fixed now, can I delete all the programs we downloaded? Or should I leave them?
 
Okay- the system is clean! Let's remove the tools:

Remove all of the tools we used and the files and folders they created
  • Uninstall ComboFix and all Backups of the files it deleted
    [o] Click START> then RUN
    [o] Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  • Download OTCleanIt by OldTimer and save it to your Desktop.
    [o] Double click OTCleanIt.exe.
    [o] Click the CleanUp! button.
    [o] If you are prompted to Reboot during the cleanup, select Yes.
    [o] The tool will delete itself once it finishes.
    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
  • Set a new, clean Restore Point
    [o] Click on Start> right click on Computer> Properties
    [o] Select System Protection
    [o] Click on the Create button (near bottom)
    [o] Type a name for the Restore Point
    [o] Click on Create again to save the restore point.
  • Deleting all but the most recent System Protection point in Windows 7
    [o] Click Start> Computer> right click the C Drive and choose Properties> enter.
    [o] Click Disk Cleanup from there.
    [o] Click Clean up system files
    This restarts Disk Cleanup to run in elevated mode.
    [o] Click the More Options tab
    [o] Click the Clean up under System Restore and Shadow Copies.
    [o] Click OK.
    [o] You will get a confirmation screen> Just click Delete.
    [o] Click OK on the Disk Cleanup Screen.
    [o] Click Delete Files on the Confirmation screen.

This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space on the C drive.)
Images courtesy lytebyte.

Empty the Recycle Bin

You're welcome! Safe surfing. :)
 