Need help fixing PC performance malware

Solved
By fholla1
Oct 27, 2011
Topic Status: Not open for further replies.
  1. Hi! My system was infected with some Malware last night. I found the 5 step thread and completed all steps. I'm still having problems, although it is better. I'm missing my desktop background, icons and start menu and I'm not sure how to go about fixing this and I'm not sure if there are any other problems I haven't noticed yet. I've included the logs below as requested and would appreciate any help you could give. I'm not very savvy with computers, so I hope I did it right. Thanks!

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8026

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 9.0.8112.16421

    10/26/2011 10:29:56 PM
    mbam-log-2011-10-26 (22-29-56).txt

    Scan type: Quick scan
    Objects scanned: 177189
    Time elapsed: 48 minute(s), 26 second(s)

    Memory Processes Infected: 1
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 2
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    c:\programdata\nfederlybhvow.exe (Trojan.FakeAlert) -> 3740 -> Unloaded process successfully.

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nFEDeRLYbhvow.exe (Trojan.FakeAlert) -> Value: nFEDeRLYbhvow.exe -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\programdata\nfederlybhvow.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\fran\AppData\Local\Temp\p5tm1qbi6dss92.exe.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2011-10-27 07:44:12
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.DK02
    Running: wpm4yglg.exe; Driver: C:\Users\fran\AppData\Local\Temp\kxldypog.sys


    ---- System - GMER 1.0.15 ----

    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x881B3268]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x881B3292]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x881B327E]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x881B3254]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    AttachedDevice \FileSystem\Ntfs \Ntfs MOBK.sys (Mozy Change Monitor Filter Driver/Mozy, Inc.)
    AttachedDevice \Driver\tdx \Device\Tcp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\tdx \Device\Udp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----
    DDS
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
    Run by fran at 8:04:50 on 2011-10-27
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.469 [GMT -5:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\System32\svchost.exe -k Cognizance
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    C:\Windows\system32\mfevtps.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\rundll32.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\System32\igfxpers.exe
    C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
    C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files\McAfee Online Backup\MOBKbackup.exe
    C:\Program Files\McAfee Online Backup\MOBKbackup.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Common Files\McAfee\Core\mchost.exe
    C:\Windows\system32\consent.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\svchost.exe -k swprv
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    uURLSearchHooks: H - No File
    uURLSearchHooks: FCToolbarURLSearchHook Class: {96b985b7-3cf9-456a-9db6-791710e60f5f} - c:\program files\mypoints point finder\Helper.dll
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Freecause Toolbar BHO: {614bda1f-9bef-4cd1-bde4-fa4804929b4a} - c:\program files\mypoints point finder\Toolbar.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20111011224924.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: VeriSoft Access Manager: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\bioscrypt\verisoft\bin\ItIEAddIn.dll
    TB: MyPoints Point Finder: {89a2510a-b4b6-4683-bec9-1b96700bc7f1} - c:\program files\mypoints point finder\Toolbar.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
    mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
    mRun: [CognizanceTS] rundll32.exe c:\progra~1\bioscr~1\verisoft\bin\ASTSVCC.dll,RegisterModule
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [IAStorIcon] c:\program files\intel\intel(r) rapid storage technology\IAStorIcon.exe
    mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
    mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
    mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
    mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    StartupFolder: c:\users\fran\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\users\fran\appdata\roaming\microsoft\windows\start menu\programs\startup\OneNote Table Of Contents.onetoc2
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    Trusted Zone: real.com\rhap-app-4-0
    Trusted Zone: real.com\rhapreg
    DPF: {49232000-16E4-426C-A231-62846947304B} - hxxps://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
    DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
    TCP: Interfaces\{7E93C08B-A35E-4BD2-B8AD-A38845B90176} : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: APSHook.dll
    LSA: Notification Packages = scecli ASWLNPkg
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\fran\appdata\roaming\mozilla\firefox\profiles\1mj4aowu.default\
    FF - prefs.js: browser.search.selectedEngine - Secure Search
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
    FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: c:\program files\wildtangent games\app\browserintegration\registered\3\NP_wtapp.dll
    FF - plugin: c:\users\fran\appdata\roaming\move networks\plugins\npqmp071701000002.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-10-13 461864]
    R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2011-1-10 64712]
    R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-1-10 164776]
    R1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [2011-1-20 54776]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
    R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2010-4-7 21504]
    R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2010-4-7 21504]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-4-7 21504]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\intel\intel(r) rapid storage technology\IAStorDataMgrSvc.exe [2010-4-22 13336]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-1-20 214904]
    R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-1-20 214904]
    R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-1-20 214904]
    R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-1-20 214904]
    R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-1-10 166024]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-1-10 160344]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-1-10 148520]
    R2 MOBKbackup;McAfee Online Backup;c:\program files\mcafee online backup\MOBKbackup.exe [2010-4-13 229688]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-8-10 1153368]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-1-10 57432]
    R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2011-8-11 227896]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-9-22 180072]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-1-10 59288]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-1-10 338040]
    R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-1-10 87808]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-4-7 82952]
    .
    =============== Created Last 30 ================
    .
    2011-10-27 03:33:53 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{b4c30f7e-52f9-4447-a4a0-320f6fac1bda}\offreg.dll
    2011-10-27 01:59:36 316816 ---ha-w- c:\programdata\1kAlMiG2Kb7FzP.exe
    2011-10-25 17:06:15 -------- d--h--w- c:\programdata\VirtualFarm
    2011-10-25 17:04:48 -------- d--h--w- c:\programdata\VirtualFarm2
    2011-10-25 17:01:16 -------- d--h--w- c:\users\fran\appdata\roaming\Alawar Stargaze
    2011-10-25 17:01:16 -------- d--h--w- c:\programdata\Alawar Stargaze
    2011-10-25 06:47:01 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{b4c30f7e-52f9-4447-a4a0-320f6fac1bda}\mpengine.dll
    2011-10-24 04:00:13 9151488 ----a-w- c:\windows\system32\setup.msi
    2011-10-24 02:16:24 354840 ----a-w- c:\windows\system32\drivers\iaStor.sys
    2011-10-22 18:18:06 -------- d--h--w- c:\users\fran\appdata\roaming\Go-Go Gourmet Chef of the Year
    2011-10-21 18:43:45 -------- d--h--w- c:\users\fran\appdata\roaming\LaJangada
    2011-10-21 14:16:31 -------- d--h--w- c:\users\fran\appdata\local\HP
    2011-10-15 00:22:06 -------- d--h--w- c:\users\fran\appdata\local\IsolatedStorage
    2011-10-14 22:51:42 274944 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpzpp64X.dll
    2011-10-14 04:08:28 -------- d--h--w- c:\programdata\Juliette's Fashion Empire
    2011-10-12 17:48:12 -------- d--h--w- c:\users\fran\appdata\local\CrimsonThief
    2011-10-12 14:36:32 293376 ----a-w- c:\windows\system32\psisdecd.dll
    2011-10-12 14:36:32 217088 ----a-w- c:\windows\system32\psisrndr.ax
    2011-10-12 14:36:31 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
    2011-10-12 14:36:30 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
    2011-10-12 14:36:21 238080 ----a-w- c:\windows\system32\oleacc.dll
    2011-10-12 14:36:20 563712 ----a-w- c:\windows\system32\oleaut32.dll
    2011-10-12 14:36:20 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
    2011-10-12 14:36:20 4096 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-10-12 14:35:26 2043392 ----a-w- c:\windows\system32\win32k.sys
    2011-10-12 14:33:53 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
    2011-10-12 01:16:15 117760 ----a-w- c:\windows\system32\hpzll64X.dll
    2011-10-08 19:19:03 -------- d--h--w- c:\users\fran\appdata\roaming\Realore_Whiterra Roads Of Rome 3
    2011-10-05 21:45:21 -------- d-----w- c:\program files\Coupons
    2011-10-05 21:33:14 466944 ----a-w- c:\program files\mozilla firefox\plugins\NPcol400.dll
    2011-10-05 21:33:13 -------- d--h--w- c:\users\fran\appdata\roaming\Catalina Marketing Corp
    2011-10-05 21:33:10 485576 ---ha-w- c:\users\fran\appdata\roaming\microsoft\windows\start menu\programs\catalina marketing corp\UninstallCouponActivator.exe
    2011-10-05 21:17:50 -------- d--h--w- c:\programdata\WEBREG
    2011-10-05 20:58:59 274944 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpzpp5ha.dll
    2011-10-05 20:48:08 -------- d-----w- c:\program files\common files\Hewlett-Packard
    2011-10-05 20:43:17 271704 ----a-w- c:\windows\system32\hpzids01.dll
    2011-10-05 20:43:05 117760 ----a-w- c:\windows\system32\hpzll5ha.dll
    2011-10-05 20:41:25 675840 ----a-w- c:\windows\system32\hpowiax3.dll
    2011-10-05 20:41:25 569344 ----a-w- c:\windows\system32\hpotscl3.dll
    2011-10-05 20:41:25 364544 ----a-w- c:\windows\system32\hppldcoi.dll
    2011-10-05 20:41:25 303104 ----a-w- c:\windows\system32\hpovst10.dll
    2011-10-02 14:04:02 19416 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll
    2011-10-02 14:04:01 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
    2011-10-02 14:04:00 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2011-10-02 14:04:00 125912 ----a-w- c:\program files\mozilla firefox\crashreporter.exe
    .
    ==================== Find3M ====================
    .
    2011-10-25 17:11:09 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-09-01 02:35:59 1798144 ----a-w- c:\windows\system32\jscript9.dll
    2011-09-01 02:28:15 1126912 ----a-w- c:\windows\system32\wininet.dll
    2011-09-01 02:22:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-08-31 22:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-19 20:59:30 148520 ----a-w- c:\windows\system32\mfevtps.exe
    2011-08-15 15:00:06 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2011-08-15 15:00:06 87808 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2011-08-15 15:00:06 64712 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
    2011-08-15 15:00:06 59288 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2011-08-15 15:00:06 57432 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2011-08-15 15:00:06 461864 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2011-08-15 15:00:06 338040 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2011-08-15 15:00:06 180072 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2011-08-15 15:00:06 164776 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
    2011-08-15 15:00:06 119808 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    .
    ============= FINISH: 8:11:16.19 ===============
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 7/20/2007 12:25:01 AM
    System Uptime: 10/26/2011 10:33:23 PM (11 hours ago)
    .
    Motherboard: Quanta | | 30CC
    Processor: Intel(R) Core(TM)2 Duo CPU T5250 @ 1.50GHz | U2E1 | 1500/667mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 178 GiB total, 92.357 GiB free.
    D: is FIXED (NTFS) - 8 GiB total, 0.008 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description:
    Device ID: USB\VID_08FF&PID_2580\5&8730710&0&1
    Manufacturer:
    Name:
    PNP Device ID: USB\VID_08FF&PID_2580\5&8730710&0&1
    Service:
    .
    ==== System Restore Points ===================
    .
    RP421: 9/28/2011 10:40:53 AM - Windows Update
    RP422: 9/30/2011 1:38:06 AM - Windows Update
    RP423: 10/2/2011 4:53:24 PM - Scheduled Checkpoint
    RP424: 10/4/2011 8:57:13 AM - Windows Update
    RP425: 10/5/2011 3:41:27 PM - Device Driver Package Install: Hewlett-Packard Imaging devices
    RP426: 10/5/2011 3:43:24 PM - Device Driver Package Install: Hewlett-Packard Printers
    RP427: 10/5/2011 3:44:29 PM - Device Driver Package Install: Hewlett-Packard IEEE 1284.4 compatible printer
    RP428: 10/5/2011 3:45:16 PM - Device Driver Package Install: Hewlett-Packard Universal Serial Bus controllers
    RP429: 10/7/2011 8:45:54 AM - Windows Update
    RP430: 10/9/2011 7:12:51 PM - Scheduled Checkpoint
    RP431: 10/11/2011 6:22:18 AM - Windows Update
    RP432: 10/11/2011 8:12:15 PM - Installed HP Product Assistant
    RP434: 10/11/2011 8:15:36 PM - HP Installation Restore Point
    RP435: 10/12/2011 9:37:14 AM - Windows Update
    RP436: 10/14/2011 1:25:00 AM - Windows Update
    RP437: 10/18/2011 2:29:11 PM - Windows Update
    RP438: 10/21/2011 1:25:46 AM - Windows Update
    RP439: 10/23/2011 9:16:38 PM - Device Driver Package Install: Intel IDE ATA/ATAPI controllers
    RP440: 10/23/2011 11:00:33 PM - Installed ATInstall.
    RP441: 10/25/2011 1:44:57 AM - Windows Update
    RP442: 10/25/2011 8:23:16 PM - Scheduled Checkpoint
    RP443: 10/26/2011 8:01:29 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    32 Bit HP CIO Components Installer
    4 Elements II
    A Gypsy's Tale: Tower of Secrets
    Activation Assistant for the 2007 Microsoft Office suites
    ActiveCheck component for HP Active Support Library
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 8
    Aerie - Spirit of the Forest
    Agatha Christie - 4:50 from Paddington
    AIO_Scan
    Ancient Spirits: Columbus' Legacy
    Antique Road Trip 2: Homecoming
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Aquitania
    ATInstall
    AuthenTec Fingerprint Sensor Minimum Install
    Bonjour
    BufferChm
    Burger Bustle
    Cake Mania: To the Max
    Cave Quest
    Chloe's Dream Resort
    Classic Adventures - The Great Gatsby
    Copy
    Country Harvest
    Coupon Printer for Windows
    Crop Busters
    CustomerResearchQFolder
    Dark Parables - Curse of Briar Rose
    Destination Component
    DeviceDiscovery
    DeviceManagementQFolder
    DJ_AIO_ProductContext
    DJ_AIO_Software
    DJ_AIO_Software_min
    Dr. Despicable's Dastardly Deeds
    Dr. Wise - Medical Mysteries
    Drugstore Mania
    Elizabeth Find MD Diagnosis Mystery: Season 2
    Epic Adventures - La Jangada
    Escape from Frankenstein's Castle
    ESU for Microsoft Vista
    eSupportQFolder
    F4100
    F4100_doccd
    F4100_Help
    Faded Reality
    Farm 2
    Farm Craft
    Farm Craft 2: Global Vegetable Crisis
    Farmers Market
    Farmscapes
    Fate of the Pharaoh
    FBI Paranormal Case: Extended Edition
    FeedDemon
    Fishdom: Seasons Under the Sea
    Forgotten Places - Lost Circus
    Gourmania 2: Great Expectations
    Grace's Quest: To Catch An Art Thief
    Great Secrets - Da Vinci
    Gwen The Magic Nanny
    Heart's Medicine: Season One
    Hobby Farm
    Hospital Haste
    Hotdog Hotshot
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Active Support Library
    HP Active Support Library 32 bit components
    HP Customer Experience Enhancements
    HP Customer Participation Program 9.0
    HP Deskjet All-In-One Software 9.0
    HP Doc Viewer
    HP Easy Setup - Frontend
    HP Games
    HP Help and Support
    HP Imaging Device Functions 9.0
    HP Pavilion Webcam Driver for Vista v061.001.00006
    HP Photosmart Essential 2.01
    HP Photosmart Essential2.01
    HP Product Assistant
    HP Quick Launch Buttons
    HP QuickPlay 3.6
    HP Solution Center 9.0
    HP Total Care Advisor
    HP Update
    HP User Guides 0057
    HP Wireless Assistant
    HPAsset component for HP Active Support Library
    HPNetworkAssistant
    HPProductAssistant
    HPSSupply
    Ice Cream Craze: Natural Hero
    Ice Cream Mania
    Insider Tales - Vanished in Rome
    Insider Tales: The Stolen Venus 2
    Intel(R) Control Center
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Rapid Storage Technology
    iTunes
    Jack the Ripper - Letters from Hell
    Jade Rousseau The Secret Revelations
    Jar of Marbles
    Java Auto Updater
    Java(TM) 6 Update 26
    Java(TM) SE Runtime Environment 6
    Jessica's BowWow Bistro
    Juliette's Fashion Empire
    L. Frank Baum's The Wonderful Wizard of Oz
    Letters from Nowhere
    LightScribe 1.4.136.1
    Little Shop of Treasures 2
    Magic Encyclopedia - Moon Light
    Malwarebytes' Anti-Malware version 1.51.2.1300
    MarketResearch
    Master Thief - Skyscraper Sting
    Matchmaker - Joining Hearts
    McAfee Internet Security
    McAfee Online Backup
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Default Manager
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2007
    Microsoft Office Live Add-in 1.5
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft UI Engine
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works
    Millionaire Manor: The Hidden Object Show 3
    Miriel the Magical Merchant
    Motorola SM56 Speakerphone Modem
    Move Media Player
    Mozilla Firefox 7.0.1 (x86 en-US)
    MSCU for Microsoft Vista
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    My Farm Life
    My Farm Life 2
    My HP Games
    My Life Story
    MyPoints Point Finder
    Mystery Cruise
    Mystery P.I. - The London Caper
    OGA Notifier 2.0.0048.0
    Paradise Beach 2
    Picasa 3
    Pioneer Lands
    Pizza Chef 2
    PSSWCORE
    Puppy Sanctuary
    QLBCASL
    QuickPlay SlingPlayer 0.4.6
    QuickTime
    Rachel's Retreat
    Ranch Rush 2 - Premium Edition
    Real Crimes - Jack the Ripper
    Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
    Realtek High Definition Audio Driver
    Restaurant Empire
    Rhapsody
    Rhapsody Player Engine
    Roads of Rome 3
    Roxio Activation Module
    Roxio Creator Audio
    Roxio Creator Basic v9
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator EasyArchive
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio MyDVD Basic v9
    Royal Envoy
    Sally's Studio Premium Edition
    Sara's Super Spa Deluxe
    Scan
    Secret Diaries: Florence Ashford
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Ski Resort Mogul
    Smiling Pasta
    SolutionCenter
    Spybot - Search & Destroy
    Stand O'Food 3
    Star Crossed Love
    Status
    Summer Resort Mogul
    Summer Rush
    SUPERAntiSpyware
    Supermarket Management 2
    Supermarket Mania 2
    Synaptics Pointing Device Driver
    Tales of Lagoona
    The Institute: A Becky Brogan Adventure
    The Joy of Farming
    Time Riddles: The Mansion
    Toolbox
    Travel Agency
    TrayApp
    Tropical Fish Shop - Annabels Adventure
    Twisted Lands: Insomniac
    Unexpected Journey
    Unlikely Suspects
    UnloadSupport
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update Installer for WildTangent Games App
    VeriSoft Access Manager
    Veronica and the Book of Dreams
    VideoToolkit01
    Virtual Farm 2
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    WebReg
    Wedding Dash (R) 4-Ever
    WildTangent Games
    WildTangent Games App
    WildTangent Games App (HP Games)
    Women's Murder Club: Little Black Lies
    Youda Fisherman
    .
    ==== Event Viewer Messages From Past Week ========
    .
    10/26/2011 9:07:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
    10/26/2011 9:04:59 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    10/26/2011 9:04:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    10/26/2011 9:04:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    10/26/2011 9:04:11 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC mfehidk mfenlfk mfewfpk MOBKFilter NetBIOS netbt nsiproxy PSched RasAcd rdbss SASDIFSV SASKUTIL Smb spldr tdx Wanarpv6
    10/26/2011 9:04:11 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    10/26/2011 9:04:11 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    10/26/2011 9:04:11 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
    10/26/2011 9:04:11 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    10/26/2011 9:04:11 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    10/26/2011 9:04:11 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    10/26/2011 9:04:11 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    10/26/2011 9:04:11 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
    10/26/2011 9:04:11 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    10/26/2011 9:04:11 PM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
    10/26/2011 9:04:11 PM, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
    10/26/2011 9:04:11 PM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
    10/26/2011 9:04:11 PM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
    10/26/2011 9:04:11 PM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
    10/26/2011 9:04:11 PM, Error: Service Control Manager [7001] - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
    10/26/2011 9:04:11 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    10/26/2011 9:04:11 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    10/26/2011 9:04:11 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    10/26/2011 9:04:11 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    10/26/2011 9:03:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    10/26/2011 9:03:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    10/26/2011 9:03:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    10/26/2011 9:03:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    10/26/2011 9:03:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    10/26/2011 9:02:53 PM, Error: EventLog [6008] - The previous system shutdown at 8:59:46 PM on 10/26/2011 was unexpected.
    10/26/2011 8:32:39 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    10/26/2011 8:11:36 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    10/26/2011 8:11:36 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/26/2011 8:11:35 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    10/26/2011 2:00:50 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Font Cache Service service to connect.
    10/26/2011 2:00:50 PM, Error: Service Control Manager [7000] - The Windows Font Cache Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/26/2011 2:00:15 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
    10/26/2011 10:43:12 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    10/26/2011 10:43:10 PM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    10/26/2011 10:40:46 PM, Error: Service Control Manager [7022] - The McAfee Network Agent service hung on starting.
    10/26/2011 10:38:41 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the McAfee Scanner service to connect.
    10/26/2011 10:38:41 PM, Error: Service Control Manager [7000] - The McAfee Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/26/2011 10:38:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service MCODS with arguments "" in order to run the server: {C98F04D7-CD30-4BB0-B7D7-8DD7448520F2}
    10/26/2011 10:34:05 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    10/23/2011 7:57:49 AM, Error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    10/22/2011 8:52:17 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Com4QLBEx service to connect.
    10/22/2011 8:52:17 AM, Error: Service Control Manager [7000] - The Com4QLBEx service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/22/2011 8:52:15 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service Com4QLBEx with arguments "" in order to run the server: {DB536E5D-10F7-4B34-B443-140161048E2E}
    10/22/2011 10:02:45 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the stisvc service.
    .
    ==== End Of File ===========================
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Welcome to TechSpot! I'll be glad to help remove this malware.

    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    • Please let me know if there is any change in the system.
    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persist, you can send a PM to reopen it.
    =====================================
    You can run the following to help find those 'missing' icons and entries. Please note: this does not remove the malware- only the attribute it used to make the files 'go missing':
    Download Unhide.exe and save to the desktop.
    • Double-click on Unhide.exe icon to run the program.
    • This program will remove the +H, or hidden, attribute from all the files on your hard drives.
    =====================================
    Please allow me to comment that you are running many processes that do not need to start on boot and run in the background. Depending on how long your surfing session is, they will, at some point, slow the system down.
    ======================================
    You have some marketing/ad/points processes running that are going to expose the system to malware. We'll let the following help with them:

    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once installed, you should see a blue screen prompt that says:
      The Recovery Console was successfully installed.
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.

    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    =======================================

    Please update Java to v6u29: Java Updates. Uninstall any earlier versions in Add/Remove Programs as they are vulnerabilities for the system.

    Be sure to check all download screens for any pre-check toolbars or BHO> if found, remove the check before the download.
    ---------------------------------
    Outdated Java usually means there is malware in the Java cache, so it needs to be cleared:
    To clear the Java Plug-in cache:

    • [1]. Click Start > Control Panel.
      [2]. Double-click the Java icon in the control panel. The Java Control Panel appears.
      [3]. Click Settings under Temporary Internet Files. The Temporary Files Settings dialog box appears.
      [4]. Click Delete Files. The Delete Temporary Files dialog box appears.
      [5]. Click OK on Delete Temporary Files window.
      Note: This deletes all the Downloaded Applications and Applets from the cache.
      [6]. Click Apply> OK on Temporary Files Settings window.
    Images courtesy java.com
    ========================================
    Please leave the logs in your next reply.

    Go on and follow the instructions in my next reply.
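    The Unhide.exe step above clears the +H attribute from every file on the drive. As an added illustration, and not the Unhide tool or any code from this thread, the PowerShell script below does the narrower, reviewable version of the same repair: it lists the files and folders under the user profile that carry the Hidden attribute without the System attribute (the pattern this kind of rogue leaves behind when it hides a desktop and Start Menu), and clears only those when run with -Fix. The profile paths in $Roots and the exclusion list are assumptions, not values taken from the logs.

```powershell
# Added example: report, and optionally clear, the Hidden attribute that a rogue
# "System Restore" style infection sets on a user's files to make them "go missing".
# Assumptions: run from an elevated PowerShell prompt on the affected account; the
# profile locations and the exclusion list below are the standard Vista/7 ones.
param(
    [string[]]$Roots = @($env:USERPROFILE, $env:PUBLIC),   # profile folders to examine
    [switch]$Fix                                          # without -Fix, only report
)

# Items Windows legitimately keeps hidden inside a profile; these are never touched.
# Most of them are Hidden+System anyway, which the filter below already skips.
$legit = @('desktop.ini', 'ntuser.ini', 'thumbs.db', 'AppData', 'Application Data')

function Get-SuspiciousHidden {
    param([string[]]$Paths)
    foreach ($root in $Paths) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        # -Force is required, otherwise Get-ChildItem skips hidden items entirely.
        Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue |
            Where-Object {
                ($_.Attributes -band [IO.FileAttributes]::Hidden) -and
                -not ($_.Attributes -band [IO.FileAttributes]::System) -and
                ($legit -notcontains $_.Name) -and
                ($_.Name -notlike 'ntuser.dat*')
            }
    }
}

$items = @(Get-SuspiciousHidden -Paths $Roots)
"{0} hidden (non-system) item(s) found under: {1}" -f $items.Count, ($Roots -join ', ')
$items | ForEach-Object { "  {0}" -f $_.FullName }

if ($Fix) {
    foreach ($item in $items) {
        # Hidden is known to be set here, so XOR clears just that bit and leaves
        # every other attribute (Archive, ReadOnly, Directory, ...) untouched.
        $item.Attributes = $item.Attributes -bxor [IO.FileAttributes]::Hidden
    }
    "Hidden attribute cleared on {0} item(s)." -f $items.Count
}
```

Run it once without -Fix and read the list; a Start Menu folder or the whole Desktop showing up as Hidden-only is the signature the thread is dealing with, while a handful of hidden-only files under AppData belonging to known programs is normal.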
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      [o] Click on the download link to get the ESET Smart Installer. Save it to your desktop.
      [o] Double click on the ESET Smart Installer icon on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
    • Uncheck 'Remove found threats'
    • Check 'Scan archives'
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish

    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
  4. fholla1

    fholla1 Newcomer, in training Topic Starter Posts: 24

    Hi Bobbye, thank you so much for your response. I've run the unhide twice and have minimal restoration. The only thing restored is my start menu. The desktop background is still missing as are almost all of the icons on the left. Also there is a funny Windows System restore icon on my desktop now as well as in what I would call the quick start menu to the right of the start button, it's the only button showing. After running unhide the first time I turned off real time scanning on McAfee and ran it again, but there were no changes.

    I'm sure I am running many processes I don't need to. I don't know what I need or don't or how to fix that. I'll try to figure it out. I'm getting a pop up message occasionally that states Windows is blocking some programs at start up. I can't tell if it's genuine or not, but there's an icon down in the bottom right bar for it. I just started getting this after the malware.

    Thanks so much for your help, I really appreciate it.
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    You're welcome. I'll give you help in taking processes off of the Startup Menu when we have finished cleaning.

    About those icons you now see: Be sure you don't double click to open them. They will be from the malware and you don't want to help it along.

    These 2 areas you refer to> "quick start menu to the right of the start button" is called the QuickLaunch Toolbar. It holds shortcuts to programs that are used often. The area with the clock, to the right, is called the Notification Area. Basically it has icons for processes that are active now- usually started on boot.

    Do not click to open any of the unknown icons.
    ====================================
    I'd like you to check the computer time and date:
    The first Mbam log is dated 10/26/2011 at 10:29:56 PM
    GMER: 2011-10-27 at 07:44 AM
    DDS: 2011-10-27 at 8:04 AM

    But you commented yesterday that you got malware 'last night.' While I do see a Trojan on 10/27, I'm not sure the clock is set right:
    ----------------------------------
    Right click on the clock in the Notification Area (this is the name of the section to the right of the Taskbar)> Adjust Date/Time> Make sure both are correct on the screen that comes up> Select Internet Time Zone tab> Make sure you are in the correct time zone for your part of the country/world> Check 'adjust for daylight savings time'> Select 'Internet Time tab'> Check 'automatically synchronize with an internet time server'> click on Check now.
    If you get an error, let me know- I'll give you another server.
    ===================================
    This is from the malware. It is a rogue fake alert, invented by the malware to try and get you to click on their link to fix the problem.
    ==================================
    Please give me the logs from the Eset scan and Combofix when ready.

    I'll have you run unhide again later if needed. Running it now was just for 'cosmetic' purposes.
  6. fholla1

    fholla1 Newcomer, in training Topic Starter Posts: 24

    Hi Bobbye, I ran the Mbam on the night of the 26th I think and the others the morning of the 27th. I found this board and then went through the 5 steps before posting. I had initially run a quick scan which was the log I posted. That night I ran another full scan to be sure that nothing else was detected and it took all night, I stopped it after almost nine hours. Nothing was found at that point. That's when I ran the other scans. Is it safe to use my computer at all? I have only been using the internet to check for your mail, but I wasn't sure. I will run the other scans now, I wanted to make sure it was ok to do so since the unhide didn't fix it all. I will post the logs shortly. Thanks!
  7. fholla1

    fholla1 Newcomer, in training Topic Starter Posts: 24

    Please Disregard! I saw your note in the instruction after posting this!

    Bobbye I've encountered an issue. When ComboFix restarted my computer a message popped up. I can't remember exactly what it said now, but after clicking it I cannot open any programs on my computer. I thought it had to do with McAfee running. Combofix finished and produced a log, but when I attempt to open my email or firefox I get an error message.
    I had the real time McAfee scanning set to come back on when my computer restarted since I didn't know that combofix was going to restart. So when I got the message I thought that's what it was and clicked ok. I guess I just made my problem worse instead. I'm not sure what to do, I have the finished log, but I can't open anything and more stuff is missing on my desktop. I've shut down and restarted my computer since the initial malware and haven't seen this message. I'm sorry.
  8. fholla1

    fholla1 Newcomer, in training Topic Starter Posts: 24

    I decided to try restarting and I was able to open programs. Then I read in your instructions that it could happen I'm sorry! Lol, I'm so scared about what I've done that I'm panicking! Here's the combo log:

    ComboFix 11-10-28.04 - fran 10/28/2011 12:13:28.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.896 [GMT -5:00]
    Running from: c:\users\fran\Downloads\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\1kAlMiG2Kb7FzP.exe
    c:\users\fran\AppData\Roaming\EurekaLog
    c:\users\fran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
    c:\users\fran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore\System Restore.lnk
    c:\users\fran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore\Uninstall System Restore.lnk
    c:\windows\system32\AutoRun.inf
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-09-28 to 2011-10-28 )))))))))))))))))))))))))))))))
    .
    .
    2011-10-28 17:39 . 2011-10-28 17:47 -------- d-----w- c:\users\fran\AppData\Local\temp
    2011-10-28 17:39 . 2011-10-28 17:39 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-10-25 17:06 . 2011-10-25 17:06 -------- d-----w- c:\programdata\VirtualFarm
    2011-10-25 17:01 . 2011-10-25 17:01 -------- d-----w- c:\users\fran\AppData\Roaming\Alawar Stargaze
    2011-10-25 17:01 . 2011-10-25 17:01 -------- d-----w- c:\programdata\Alawar Stargaze
    2011-10-24 02:16 . 2010-11-06 04:39 354840 ----a-w- c:\windows\system32\drivers\iaStor.sys
    2011-10-22 18:18 . 2011-10-22 18:18 -------- d-----w- c:\users\fran\AppData\Roaming\Go-Go Gourmet Chef of the Year
    2011-10-21 18:43 . 2011-10-21 18:43 -------- d-----w- c:\users\fran\AppData\Roaming\LaJangada
    2011-10-21 14:16 . 2011-10-21 14:16 -------- d-----w- c:\users\fran\AppData\Local\HP
    2011-10-15 00:22 . 2011-10-15 00:22 -------- d-----w- c:\users\fran\AppData\Local\IsolatedStorage
    2011-10-14 22:51 . 2008-08-18 16:39 274944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp64X.dll
    2011-10-14 04:08 . 2011-10-14 16:36 -------- d-----w- c:\programdata\Juliette's Fashion Empire
    2011-10-12 17:48 . 2011-10-12 17:48 -------- d-----w- c:\users\fran\AppData\Local\CrimsonThief
    2011-10-12 14:51 . 2011-09-01 02:41 141088 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
    2011-10-12 14:51 . 2011-09-01 02:26 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll
    2011-10-12 14:51 . 2011-09-01 02:35 1798144 ----a-w- c:\windows\system32\jscript9.dll
    2011-10-12 14:51 . 2011-09-01 02:30 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
    2011-10-12 14:33 . 2011-09-14 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2011-10-12 01:16 . 2008-08-18 16:39 117760 ----a-w- c:\windows\system32\hpzll64X.dll
    2011-10-08 19:19 . 2011-10-08 20:29 -------- d-----w- c:\users\fran\AppData\Roaming\Realore_Whiterra Roads Of Rome 3
    2011-10-05 21:45 . 2011-10-05 21:45 -------- d-----w- c:\program files\Coupons
    2011-10-05 21:33 . 2011-10-05 21:33 466944 ----a-w- c:\program files\Mozilla Firefox\plugins\NPcol400.dll
    2011-10-05 21:33 . 2011-10-05 21:33 -------- d-----w- c:\users\fran\AppData\Roaming\Catalina Marketing Corp
    2011-10-05 21:17 . 2011-10-05 21:17 -------- d-----w- c:\programdata\WEBREG
    2011-10-05 20:58 . 2007-03-28 18:57 274944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp5ha.dll
    2011-10-05 20:56 . 2011-10-05 20:56 -------- d-----w- c:\programdata\HPSSUPPLY
    2011-10-05 20:51 . 2011-10-05 20:51 -------- d-----w- c:\programdata\HP Product Assistant
    2011-10-05 20:48 . 2011-10-05 20:48 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
    2011-10-05 20:43 . 2010-05-06 10:51 271704 ----a-w- c:\windows\system32\hpzids01.dll
    2011-10-05 20:43 . 2007-03-28 19:01 117760 ----a-w- c:\windows\system32\hpzll5ha.dll
    2011-10-05 20:41 . 2007-03-17 16:11 675840 ----a-w- c:\windows\system32\hpowiax3.dll
    2011-10-05 20:41 . 2007-03-17 16:11 303104 ----a-w- c:\windows\system32\hpovst10.dll
    2011-10-05 20:41 . 2007-03-17 16:11 569344 ----a-w- c:\windows\system32\hpotscl3.dll
    2011-10-05 20:41 . 2007-03-08 04:20 364544 ----a-w- c:\windows\system32\hppldcoi.dll
    2011-10-02 14:04 . 2011-10-02 14:04 19416 ----a-w- c:\program files\Mozilla Firefox\AccessibleMarshal.dll
    2011-10-02 14:04 . 2011-10-02 14:04 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
    2011-10-02 14:04 . 2011-10-02 14:04 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
    2011-10-02 14:04 . 2011-10-02 14:04 125912 ----a-w- c:\program files\Mozilla Firefox\crashreporter.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-10-28 17:45 . 2011-10-28 17:45 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B4C30F7E-52F9-4447-A4A0-320F6FAC1BDA}\offreg.dll
    2011-10-25 17:11 . 2011-06-02 14:10 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-07 03:48 . 2011-10-25 06:47 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B4C30F7E-52F9-4447-A4A0-320F6FAC1BDA}\mpengine.dll
    2011-09-06 13:30 . 2011-10-12 14:35 2043392 ----a-w- c:\windows\system32\win32k.sys
    2011-09-01 02:28 . 2011-10-12 14:51 1126912 ----a-w- c:\windows\system32\wininet.dll
    2011-09-01 02:22 . 2011-10-12 14:51 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-08-31 22:00 . 2010-08-11 01:58 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-25 16:15 . 2011-10-12 14:36 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
    2011-08-25 16:14 . 2011-10-12 14:36 238080 ----a-w- c:\windows\system32\oleacc.dll
    2011-08-25 16:14 . 2011-10-12 14:36 563712 ----a-w- c:\windows\system32\oleaut32.dll
    2011-08-25 13:31 . 2011-10-12 14:36 4096 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-08-19 20:59 . 2011-01-11 02:24 148520 ----a-w- c:\windows\system32\mfevtps.exe
    2011-08-15 15:00 . 2011-09-22 19:45 180072 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2011-08-15 15:00 . 2011-01-11 02:39 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2011-08-15 15:00 . 2011-01-11 02:38 164776 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
    2011-08-15 15:00 . 2011-01-11 02:38 64712 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
    2011-08-15 15:00 . 2011-01-11 02:38 87808 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2011-08-15 15:00 . 2011-01-11 02:38 59288 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2011-08-15 15:00 . 2011-01-11 02:38 338040 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2011-08-15 15:00 . 2011-01-11 02:38 57432 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2011-08-15 15:00 . 2010-10-14 04:28 461864 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2011-08-15 15:00 . 2010-10-14 04:28 119808 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2011-10-02 14:04 . 2011-10-02 14:04 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2010-10-14 04:28 . 2011-01-11 02:39 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{96b985b7-3cf9-456a-9db6-791710e60f5f}"= "c:\program files\MyPoints Point Finder\Helper.dll" [2010-04-07 242688]
    .
    [HKEY_CLASSES_ROOT\clsid\{96b985b7-3cf9-456a-9db6-791710e60f5f}]
    [HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
    [HKEY_CLASSES_ROOT\TypeLib\{9FEBEA6D-4801-4D23-97E7-A771B698E442}]
    [HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{614BDA1F-9BEF-4CD1-BDE4-FA4804929B4A}]
    2010-04-07 23:17 1517056 ----a-w- c:\program files\MyPoints Point Finder\Toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{89A2510A-B4B6-4683-BEC9-1B96700BC7F1}"= "c:\program files\MyPoints Point Finder\Toolbar.dll" [2010-04-07 1517056]
    .
    [HKEY_CLASSES_ROOT\clsid\{89a2510a-b4b6-4683-bec9-1b96700bc7f1}]
    [HKEY_CLASSES_ROOT\FCTB000060497.IEToolbar.3]
    [HKEY_CLASSES_ROOT\TypeLib\{061ED138-E065-4356-82AA-578F7F1EEAF1}]
    [HKEY_CLASSES_ROOT\FCTB000060497.IEToolbar]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{89A2510A-B4B6-4683-BEC9-1B96700BC7F1}"= "c:\program files\MyPoints Point Finder\Toolbar.dll" [2010-04-07 1517056]
    .
    [HKEY_CLASSES_ROOT\clsid\{89a2510a-b4b6-4683-bec9-1b96700bc7f1}]
    [HKEY_CLASSES_ROOT\FCTB000060497.IEToolbar.3]
    [HKEY_CLASSES_ROOT\TypeLib\{061ED138-E065-4356-82AA-578F7F1EEAF1}]
    [HKEY_CLASSES_ROOT\FCTB000060497.IEToolbar]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
    @="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
    [HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
    2010-04-14 02:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
    @="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
    [HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
    2010-04-14 02:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
    @="{b4caf489-1eec-c617-49ad-8d7088598c06}"
    [HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
    2010-04-14 02:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-10-26 1458176]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-28 1721640]
    "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
    "CognizanceTS"="c:\progra~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 17920]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
    "IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
    "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
    "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-20 468264]
    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-16 1318552]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-06-09 7539232]
    "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]
    .
    c:\users\fran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    OneNote Table Of Contents.onetoc2 [2011-10-14 3656]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\System32\APSHook.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-01-12 227896]
    R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-08-15 87808]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    R4 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-01-05 82952]
    S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2011-08-15 64712]
    S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-08-15 164776]
    S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys [2010-04-14 54776]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
    S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2008-01-19 21504]
    S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2008-01-19 21504]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-27 214904]
    S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-27 214904]
    S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-27 214904]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-08-19 160344]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-08-19 148520]
    S2 MOBKbackup;McAfee Online Backup;c:\program files\McAfee Online Backup\MOBKbackup.exe [2010-04-14 229688]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-08-15 57432]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-08-15 338040]
    S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - mfeavfk01
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Cognizance REG_MULTI_SZ ASBroker ASChannel
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-10-21 c:\windows\Tasks\HPCeeScheduleForfran.job
    - c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-05-14 21:23]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    Trusted Zone: real.com\rhap-app-4-0
    Trusted Zone: real.com\rhapreg
    TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
    FF - ProfilePath - c:\users\fran\AppData\Roaming\Mozilla\Firefox\Profiles\1mj4aowu.default\
    FF - prefs.js: browser.search.selectedEngine - Secure Search
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-10-28 12:50
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    .
    c:\users\fran\AppData\Local\Temp\catchme.dll 53248 bytes executable
    c:\windows\TEMP\TMP00000029B5737E8E622817FE 524288 bytes
    .
    scan completed successfully
    hidden files: 2
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(576)
    c:\windows\system32\APSHook.dll
    c:\program files\Bioscrypt\VeriSoft\Bin\ItClient.dll
    c:\program files\McAfee Online Backup\MOBKshell.dll
    c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\windows\system32\rundll32.exe
    c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
    c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
    c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
    c:\program files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
    c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
    c:\progra~1\mcafee.com\agent\mcagent.exe
    c:\windows\system32\vssvc.exe
    c:\program files\Common Files\McAfee\Core\mchost.exe
    .
    **************************************************************************
    .
    Completion time: 2011-10-28 13:04:31 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-10-28 18:04
    .
    Pre-Run: 98,368,479,232 bytes free
    Post-Run: 98,274,541,568 bytes free
    .
    - - End Of File - - 6F3820AEDBA783C1C4AE2612117FFB10
  9. fholla1

    fholla1 Newcomer, in training Topic Starter Posts: 24

    ESET log

    C:\Program Files\HP Games\Matchmaker - Joining Hearts\Matchmaker.exe a variant of Win32/Kryptik.BCY trojan
    C:\Qoobox\Quarantine\C\ProgramData\1kAlMiG2Kb7FzP.exe.vir a variant of Win32/Kryptik.UOA trojan
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    No problem. Just read the program instructions carefully.
    For Combofix:
    ===================================
    Please download OTMoveIt by Old Timer and save to your desktop.
    • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      Code:
      :Files  
      C:\Program Files\HP Games\Matchmaker - Joining Hearts\Matchmaker.exe
      
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
    ====================================
    Please run this Custom CFScript:

    [1]. Close any open browsers.
    [2]. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    [3]. Open Notepad > click on Format > uncheck 'Word Wrap' > and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
    Code:
    File::
    c:\programdata\1kAlMiG2Kb7FzP.exe
    Folder::
    DDS::
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
    Registry::
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{96b985b7-3cf9-456a-9db6-791710e60f5f}"=-
    [HKEY_CLASSES_ROOT\clsid\{96b985b7-3cf9-456a-9db6-791710e60f5f}]
    [HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
    [HKEY_CLASSES_ROOT\TypeLib\{9FEBEA6D-4801-4D23-97E7-A771B698E442}]
    [HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{614BDA1F-9BEF-4CD1-BDE4-FA4804929B4A}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{89A2510A-B4B6-4683-BEC9-1B96700BC7F1}"=-
    [HKEY_CLASSES_ROOT\clsid\{89a2510a-b4b6-4683-bec9-1b96700bc7f1}]
    [HKEY_CLASSES_ROOT\FCTB000060497.IEToolbar.3]
    [HKEY_CLASSES_ROOT\TypeLib\{061ED138-E065-4356-82AA-578F7F1EEAF1}]
    [HKEY_CLASSES_ROOT\FCTB000060497.IEToolbar]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{89A2510A-B4B6-4683-BEC9-1B96700BC7F1}"=-
    [HKEY_CLASSES_ROOT\clsid\{89a2510a-b4b6-4683-bec9-1b96700bc7f1}]
    [HKEY_CLASSES_ROOT\FCTB000060497.IEToolbar.3]
    [HKEY_CLASSES_ROOT\TypeLib\{061ED138-E065-4356-82AA-578F7F1EEAF1}]
    [HKEY_CLASSES_ROOT\FCTB000060497.IEToolbar]
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=-
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ====================
    Please note I have removed 16 Registry entries for My Points Finder Toolbar>>
    MyPoints Toolbar 2.0 - a Softomate/Besttoolbars Toolbar variant - Softomate customizes toolbars to customers needs. The dll files for their toolbars contain some spyware/adware functionality, although not all of the toolbars use this.
    ===================
    When finished: Please Download catchme.exe ( 137KB ) and save to your desktop.
    • Double click the catchme.exe to run it
    • Click the "Scan" button to start scan
    • Open catchme.log to see results

    Copy the log to Notepad, making sure that 'Word Wrap' is unchecked in Format. Then paste the log in your next reply.
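The "Reg Loading Points" section of the ComboFix log above and the Registry:: block of the CFScript show what the helper is checking by eye: Run values whose image sits in c:\programdata or a temp folder, an AppInit_DLLs entry, and Security Center DisableMonitoring values set to 1. The Python script below is an added example written for this thread, not code from ComboFix or from anyone posting here; it parses that REGEDIT4-style section and flags those same patterns. Its sample input reuses key and value lines from the log above, except the 1kAlMiG2Kb7FzP Run value, which is constructed (name, path and the [date size] stamp are invented) to stand in for the dropper ESET found quarantined from c:\programdata, since its own autostart entry was already gone when ComboFix ran. The heuristics (the list of user-writable roots, the case-switch threshold for random-looking names) are the example's own assumptions.

```python
"""Triage of a ComboFix 'Reg Loading Points' dump (added example, not ComboFix code)."""
import re
from typing import List, Tuple

# Constructed sample input. Key and value lines are copied from the ComboFix
# log posted in this thread, except the 1kAlMiG2Kb7FzP Run value, which is
# made up (path and [date size] stamp invented) to represent the dropper ESET
# later found quarantined from c:\programdata.
SAMPLE_REG_LOADING_POINTS = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"1kAlMiG2Kb7FzP"="c:\programdata\1kAlMiG2Kb7FzP.exe" [2011-10-26 327680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')
STAMP_RE = re.compile(r"\s*\[\d{4}-\d{2}-\d{2} \d+\]$")  # trailing "[date size]"

# Assumed heuristics: folders a legitimate autostart almost never runs from directly.
USER_WRITABLE_ROOTS = {r"c:\programdata", r"c:\users\public"}
USER_WRITABLE_RE = re.compile(r"\\appdata\\(local|roaming)$|\\temp$|\\temp\\")
RANDOM_NAME_SWITCHES = 4  # upper/lower transitions in the file stem


def parse_loading_points(text: str) -> List[Tuple[str, str, str]]:
    """Turn the REGEDIT4-style dump into (key, value_name, data) triples."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m and key:
            entries.append((key, m.group("name"), m.group("data").strip()))
    return entries


def image_path(data: str) -> str:
    """Path from value data such as '"c:\\x\\y.exe" [2011-10-26 327680]' or a bare path."""
    return STAMP_RE.sub("", data).strip().strip('"')


def case_switches(stem: str) -> int:
    """Count upper/lower transitions between consecutive letters; a dropper
    name like 1kAlMiG2Kb7FzP scores far higher than vendor names do."""
    letters = [c for c in stem if c.isalpha()]
    return sum(a.isupper() != b.isupper() for a, b in zip(letters, letters[1:]))


def triage(entries: List[Tuple[str, str, str]]) -> List[Tuple[str, str, str, str]]:
    """Return (severity, key, value_name, reason) for entries worth a look."""
    findings = []
    for key, name, data in entries:
        k, n = key.lower(), name.lower()
        if k.endswith((r"\currentversion\run", r"\currentversion\runonce")):
            folder, _, fname = image_path(data).rpartition("\\")
            folder = folder.lower()
            stem = fname.rsplit(".", 1)[0]
            if folder in USER_WRITABLE_ROOTS or USER_WRITABLE_RE.search(folder):
                findings.append(("high", key, name,
                                 "autostart image in user-writable folder " + folder))
            elif case_switches(stem) >= RANDOM_NAME_SWITCHES:
                findings.append(("medium", key, name,
                                 "random-looking image name " + fname))
        elif k.endswith(r"\windows nt\currentversion\windows") and n == "appinit_dlls" and data:
            findings.append(("review", key, name,
                             "AppInit_DLLs loads " + data + " into every GUI process; confirm the signer"))
        elif r"\security center\monitoring" in k and n == "disablemonitoring" \
                and data.lower().endswith("00000001"):
            findings.append(("medium", key, name,
                             "Security Center monitoring disabled (PUM; the CFScript deletes this value)"))
    return findings


if __name__ == "__main__":
    for sev, key, name, why in triage(parse_loading_points(SAMPLE_REG_LOADING_POINTS)):
        print(f"[{sev:6}] {key}\\{name}: {why}")
```

AppInit_DLLs is reported as a review item rather than a verdict on purpose: the same ComboFix log lists APSHook.dll loaded in Explorer.exe next to the Bioscrypt VeriSoft components, so it is plausibly part of that authentication software, but the file's signer should be confirmed before leaving a global injection point in place. The Security Center entries are flagged because a value of 1 hides a disabled AV or firewall from the user, which is exactly why the CFScript above deletes them.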
  11. fholla1

    fholla1 Newcomer, in training Topic Starter Posts: 24

    OTMoveit

    All processes killed
    ========== FILES ==========
    C:\Program Files\HP Games\Matchmaker - Joining Hearts\Matchmaker.exe moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: fran
    ->Temp folder emptied: 196986 bytes
    ->Temporary Internet Files folder emptied: 584485074 bytes
    ->Java cache emptied: 1 bytes
    ->FireFox cache emptied: 53853218 bytes
    ->Google Chrome cache emptied: 7449183 bytes
    ->Flash cache emptied: 2007947 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 211350 bytes
    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 10789706 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 628.00 mb


    OTM by OldTimer - Version 3.1.19.0 log created on 10292011_235609
    All processes killed

    OTM by OldTimer - Version 3.1.19.0 log created on 10292011_235602

    Files moved on Reboot...

    Registry entries deleted on Reboot...
     
  12. fholla1

    fholla1 Newcomer, in training Topic Starter Posts: 24

    ComboFix 11-10-29.06 - fran 10/30/2011 0:27.2.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.847 [GMT -5:00]
    Running from: c:\users\fran\Downloads\ComboFix.exe
    Command switches used :: c:\users\fran\Desktop\CFScript.txt
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\programdata\1kAlMiG2Kb7FzP.exe"
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-09-28 to 2011-10-30 )))))))))))))))))))))))))))))))
    .
    .
    2011-10-30 05:53 . 2011-10-30 05:54 -------- d-----w- c:\users\fran\AppData\Local\temp
    2011-10-30 05:53 . 2011-10-30 05:53 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-10-30 05:02 . 2011-10-30 05:02 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B4C30F7E-52F9-4447-A4A0-320F6FAC1BDA}\offreg.dll
    2011-10-30 04:56 . 2011-10-30 04:56 -------- d-----w- C:\_OTM
    2011-10-28 19:19 . 2011-10-28 19:19 -------- d-----w- c:\program files\ESET
    2011-10-28 19:15 . 2011-10-28 19:15 -------- d-----w- c:\program files\Common Files\Java
    2011-10-25 17:06 . 2011-10-25 17:06 -------- d-----w- c:\programdata\VirtualFarm
    2011-10-25 17:01 . 2011-10-25 17:01 -------- d-----w- c:\users\fran\AppData\Roaming\Alawar Stargaze
    2011-10-25 17:01 . 2011-10-25 17:01 -------- d-----w- c:\programdata\Alawar Stargaze
    2011-10-25 06:47 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B4C30F7E-52F9-4447-A4A0-320F6FAC1BDA}\mpengine.dll
    2011-10-24 04:00 . 2008-11-25 15:05 9151488 ----a-w- c:\windows\system32\setup.msi
    2011-10-24 02:16 . 2010-11-06 04:39 354840 ----a-w- c:\windows\system32\drivers\iaStor.sys
    2011-10-22 18:18 . 2011-10-22 18:18 -------- d-----w- c:\users\fran\AppData\Roaming\Go-Go Gourmet Chef of the Year
    2011-10-21 18:43 . 2011-10-21 18:43 -------- d-----w- c:\users\fran\AppData\Roaming\LaJangada
    2011-10-21 14:16 . 2011-10-21 14:16 -------- d-----w- c:\users\fran\AppData\Local\HP
    2011-10-15 00:22 . 2011-10-15 00:22 -------- d-----w- c:\users\fran\AppData\Local\IsolatedStorage
    2011-10-14 22:51 . 2008-08-18 16:39 274944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp64X.dll
    2011-10-14 04:08 . 2011-10-14 16:36 -------- d-----w- c:\programdata\Juliette's Fashion Empire
    2011-10-12 17:48 . 2011-10-12 17:48 -------- d-----w- c:\users\fran\AppData\Local\CrimsonThief
    2011-10-12 14:36 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll
    2011-10-12 14:36 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax
    2011-10-12 14:36 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
    2011-10-12 14:36 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
    2011-10-12 14:36 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll
    2011-10-12 14:36 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
    2011-10-12 14:36 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll
    2011-10-12 14:36 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-10-12 14:35 . 2011-09-06 13:30 2043392 ----a-w- c:\windows\system32\win32k.sys
    2011-10-12 14:33 . 2011-09-14 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2011-10-12 01:16 . 2008-08-18 16:39 117760 ----a-w- c:\windows\system32\hpzll64X.dll
    2011-10-08 19:19 . 2011-10-08 20:29 -------- d-----w- c:\users\fran\AppData\Roaming\Realore_Whiterra Roads Of Rome 3
    2011-10-05 21:45 . 2011-10-05 21:45 -------- d-----w- c:\program files\Coupons
    2011-10-05 21:33 . 2011-10-05 21:33 466944 ----a-w- c:\program files\Mozilla Firefox\plugins\NPcol400.dll
    2011-10-05 21:33 . 2011-10-05 21:33 -------- d-----w- c:\users\fran\AppData\Roaming\Catalina Marketing Corp
    2011-10-05 21:33 . 2011-10-05 21:32 485576 ----a-w- c:\users\fran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp\UninstallCouponActivator.exe
    2011-10-05 21:17 . 2011-10-05 21:17 -------- d-----w- c:\programdata\WEBREG
    2011-10-05 20:58 . 2007-03-28 18:57 274944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp5ha.dll
    2011-10-05 20:56 . 2011-10-05 20:56 -------- d-----w- c:\programdata\HPSSUPPLY
    2011-10-05 20:51 . 2011-10-05 20:51 -------- d-----w- c:\programdata\HP Product Assistant
    2011-10-05 20:48 . 2011-10-05 20:48 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
    2011-10-05 20:43 . 2010-05-06 10:51 271704 ----a-w- c:\windows\system32\hpzids01.dll
    2011-10-05 20:43 . 2007-03-28 19:01 117760 ----a-w- c:\windows\system32\hpzll5ha.dll
    2011-10-05 20:41 . 2007-03-17 16:11 675840 ----a-w- c:\windows\system32\hpowiax3.dll
    2011-10-05 20:41 . 2007-03-17 16:11 303104 ----a-w- c:\windows\system32\hpovst10.dll
    2011-10-05 20:41 . 2007-03-17 16:11 569344 ----a-w- c:\windows\system32\hpotscl3.dll
    2011-10-05 20:41 . 2007-03-08 04:20 364544 ----a-w- c:\windows\system32\hppldcoi.dll
    2011-10-02 14:04 . 2011-10-02 14:04 19416 ----a-w- c:\program files\Mozilla Firefox\AccessibleMarshal.dll
    2011-10-02 14:04 . 2011-10-02 14:04 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
    2011-10-02 14:04 . 2011-10-02 14:04 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
    2011-10-02 14:04 . 2011-10-02 14:04 125912 ----a-w- c:\program files\Mozilla Firefox\crashreporter.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-10-28 19:14 . 2010-04-24 13:10 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-10-25 17:11 . 2011-06-02 14:10 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-08-31 22:00 . 2010-08-11 01:58 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-19 20:59 . 2011-01-11 02:24 148520 ----a-w- c:\windows\system32\mfevtps.exe
    2011-08-15 15:00 . 2011-09-22 19:45 180072 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2011-08-15 15:00 . 2011-01-11 02:39 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2011-08-15 15:00 . 2011-01-11 02:38 164776 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
    2011-08-15 15:00 . 2011-01-11 02:38 64712 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
    2011-08-15 15:00 . 2011-01-11 02:38 87808 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2011-08-15 15:00 . 2011-01-11 02:38 59288 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2011-08-15 15:00 . 2011-01-11 02:38 338040 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2011-08-15 15:00 . 2011-01-11 02:38 57432 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2011-08-15 15:00 . 2010-10-14 04:28 461864 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2011-08-15 15:00 . 2010-10-14 04:28 119808 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2011-10-02 14:04 . 2011-10-02 14:04 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2010-10-14 04:28 . 2011-01-11 02:39 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{614BDA1F-9BEF-4CD1-BDE4-FA4804929B4A}]
    2010-04-07 23:17 1517056 ----a-w- c:\program files\MyPoints Point Finder\Toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
    @="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
    [HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
    2010-04-14 02:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
    @="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
    [HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
    2010-04-14 02:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
    @="{b4caf489-1eec-c617-49ad-8d7088598c06}"
    [HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
    2010-04-14 02:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-10-26 1458176]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-28 1721640]
    "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
    "CognizanceTS"="c:\progra~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 17920]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
    "IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
    "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
    "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-20 468264]
    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-16 1318552]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-06-09 7539232]
    "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]
    .
    c:\users\fran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    OneNote Table Of Contents.onetoc2 [2011-10-14 3656]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\System32\APSHook.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-01-12 227896]
    R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-08-15 87808]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    R4 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-01-05 82952]
    S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2011-08-15 64712]
    S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-08-15 164776]
    S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys [2010-04-14 54776]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
    S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2008-01-19 21504]
    S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2008-01-19 21504]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-27 214904]
    S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-27 214904]
    S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-27 214904]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-08-19 160344]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-08-19 148520]
    S2 MOBKbackup;McAfee Online Backup;c:\program files\McAfee Online Backup\MOBKbackup.exe [2010-04-14 229688]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-08-15 57432]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-08-15 338040]
    S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - mfeavfk01
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Cognizance REG_MULTI_SZ ASBroker ASChannel
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-10-21 c:\windows\Tasks\HPCeeScheduleForfran.job
    - c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-05-14 21:23]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    Trusted Zone: real.com\rhap-app-4-0
    Trusted Zone: real.com\rhapreg
    TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
    FF - ProfilePath - c:\users\fran\AppData\Roaming\Mozilla\Firefox\Profiles\1mj4aowu.default\
    FF - prefs.js: browser.search.selectedEngine - Secure Search
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-10-30 00:54
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(1924)
    c:\windows\system32\APSHook.dll
    c:\program files\Bioscrypt\VeriSoft\Bin\ItClient.dll
    c:\program files\McAfee Online Backup\MOBKshell.dll
    c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
    .
    Completion time: 2011-10-30 01:06:47
    ComboFix-quarantined-files.txt 2011-10-30 06:06
    ComboFix2.txt 2011-10-28 18:04
    .
    Pre-Run: 99,378,638,848 bytes free
    Post-Run: 99,340,484,608 bytes free
    .
    - - End Of File - - 060238EF94274A442B9C3A6CB770AD9F
  13. fholla1

    fholla1 Newcomer, in training Topic Starter Posts: 24

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-10-30 01:30:21
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0
  14. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Okay, a few more in ComboFix:

    Custom CFScript


    • [1]. Close any open browsers.
    • [2]. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
    • [3]. Open Notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
    Code:
    File::
    RegLock::
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    Registry::
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{614BDA1F-9BEF-4CD1-BDE4-FA4804929B4A}]
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=-
    
    Save this as CFScript.txt, in the same location as ComboFix.exe

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt. Please paste it into your next reply.
    =====================
    Recommend you uninstall the MyPoints Toolbar, then use Windows Explorer to delete the program folder.
    ====================
    Download HijackThis and save to your desktop.
    • Extract it to a directory on your hard drive called c:\HijackThis.
    • Then navigate to that directory and double-click on the hijackthis.exe file.
    • When started click on the Scan button and then the Save Log button to create a log of your information.
    • The log file will then open in Notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

    NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

    Please let me know how the system is doing.
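The CFScript in the post above deletes the two Security Center "DisableMonitoring" values and the Browser Helper Object key that ComboFix listed under "Reg Loading Points". As an added example (not ComboFix's, HijackThis's or the helper's own code), the Python script below parses that section of a ComboFix-style log and flags the entries a responder checks before writing such a script: Security Center monitoring switched off, a populated AppInit_DLLs value, installed BHOs, and Run entries that start from user-writable data folders. The log fragment it runs on is constructed to mirror the thread's format; the CLSID, the file names and the "ExampleAV" subkey are placeholders, while DisableMonitoring, AppInit_DLLs and the Run key are the real Windows names that appear in the thread's logs.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix-style log.

Added example, not ComboFix's or the forum helper's code. The CLSID, file
names and 'ExampleAV' subkey in SAMPLE_LOG are constructed placeholders.
"""
import re
from dataclasses import dataclass, field


@dataclass
class RegKey:
    path: str
    values: dict = field(default_factory=dict)  # value name -> raw text after '='
    notes: list = field(default_factory=list)   # non key=value lines (file stamps)


KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^(@|"[^"]+")\s*=\s*(.*)$')
# Autostart images living in these folders are unusual for legitimate software.
USER_WRITABLE = ("\\programdata\\", "\\appdata\\", "\\users\\public\\", "\\temp\\")


def parse_reg_points(text):
    """Split the REGEDIT4-like dump into RegKey objects, in log order."""
    keys, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line in ("", ".", "REGEDIT4") or line.startswith("*Note*"):
            continue
        m = KEY_RE.match(line)
        if m:
            current = RegKey(m.group(1))
            keys.append(current)
        elif current is not None:
            m = VALUE_RE.match(line)
            if m:
                current.values[m.group(1).strip('"')] = m.group(2).strip()
            else:
                current.notes.append(line)  # e.g. "2010-04-07 23:17 1517056 ----a-w- c:\...\x.dll"
    return keys


def dword(value):
    """Decode 'dword:00000001' -> 1; None for anything that is not a dword."""
    m = re.match(r"dword:([0-9a-fA-F]{1,8})$", value.strip())
    return int(m.group(1), 16) if m else None


def triage(keys):
    """Return (severity, key path, message) for every entry worth a look."""
    findings = []
    for k in keys:
        low = k.path.lower()
        if "security center\\monitoring" in low:
            # dword 1 here tells Security Center to stop reporting on that product.
            if dword(k.values.get("DisableMonitoring", "")) == 1:
                findings.append(("high", k.path,
                                 "Security Center monitoring disabled; delete DisableMonitoring"))
        elif low.endswith("windows nt\\currentversion\\windows"):
            dlls = k.values.get("AppInit_DLLs", "").strip('"')
            if dlls:  # loaded into every process that maps user32.dll
                findings.append(("medium", k.path,
                                 f"AppInit_DLLs loads {dlls}; verify the publisher"))
        elif "browser helper objects" in low:
            target = k.notes[-1].split(" ", 4)[-1] if k.notes else "(no file info)"
            findings.append(("info", k.path, f"BHO installed: {target}"))
        elif re.search(r"\\currentversion\\run(once)?$", low):
            for name, val in k.values.items():
                exe = val.split('" [', 1)[0].strip('"').lower()
                if any(seg in exe for seg in USER_WRITABLE):
                    findings.append(("high", k.path,
                                     f"Run entry '{name}' starts from a user-writable folder: {exe}"))
    return findings


# Constructed log fragment in the thread's format (placeholders, not a real machine).
SAMPLE_LOG = r"""
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-0000-0000-0000-000000000000}]
2010-04-07 23:17 1517056 ----a-w- c:\program files\Example Toolbar\Toolbar.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Updater"="c:\programdata\example_fakeav.exe" [2011-10-26 123456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\ExampleHook.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ExampleAV]
"DisableMonitoring"=dword:00000000
"""

if __name__ == "__main__":
    for sev, path, msg in triage(parse_reg_points(SAMPLE_LOG)):
        print(f"[{sev}] {path}\n    {msg}")
```

Run it against the "Reg Loading Points" section copied out of a real ComboFix log and it prints one line per flagged key. A DisableMonitoring of 0 (as in the ExampleAV subkey) is left alone, since that is the value Security Center expects; only a value of 1 is reported, which is exactly what the `"DisableMonitoring"=-` lines in the CFScript remove.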
  15. fholla1

    fholla1 Newcomer, in training Topic Starter Posts: 24

    ComboFix 11-11-01.04 - fran 11/01/2011 20:10:48.3.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.1174 [GMT -5:00]
    Running from: c:\users\fran\Downloads\ComboFix.exe
    Command switches used :: c:\users\fran\Desktop\cfscript2.txt
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-10-02 to 2011-11-02 )))))))))))))))))))))))))))))))
    .
    .
    2011-11-02 01:35 . 2011-11-02 01:37 -------- d-----w- c:\users\fran\AppData\Local\temp
    2011-11-02 01:35 . 2011-11-02 01:35 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-11-01 14:15 . 2011-11-01 14:15 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CE60E79B-47F0-4052-ADED-6D1523ACA1CE}\offreg.dll
    2011-11-01 14:15 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CE60E79B-47F0-4052-ADED-6D1523ACA1CE}\mpengine.dll
    2011-10-30 04:56 . 2011-10-30 04:56 -------- d-----w- C:\_OTM
    2011-10-28 19:19 . 2011-10-28 19:19 -------- d-----w- c:\program files\ESET
    2011-10-28 19:15 . 2011-10-28 19:15 -------- d-----w- c:\program files\Common Files\Java
    2011-10-25 17:06 . 2011-11-01 18:32 -------- d-----w- c:\programdata\VirtualFarm
    2011-10-25 17:01 . 2011-10-25 17:01 -------- d-----w- c:\users\fran\AppData\Roaming\Alawar Stargaze
    2011-10-25 17:01 . 2011-10-25 17:01 -------- d-----w- c:\programdata\Alawar Stargaze
    2011-10-24 04:00 . 2008-11-25 15:05 9151488 ----a-w- c:\windows\system32\setup.msi
    2011-10-24 02:16 . 2010-11-06 04:39 354840 ----a-w- c:\windows\system32\drivers\iaStor.sys
    2011-10-22 18:18 . 2011-10-22 18:18 -------- d-----w- c:\users\fran\AppData\Roaming\Go-Go Gourmet Chef of the Year
    2011-10-21 18:43 . 2011-10-21 18:43 -------- d-----w- c:\users\fran\AppData\Roaming\LaJangada
    2011-10-21 14:16 . 2011-10-21 14:16 -------- d-----w- c:\users\fran\AppData\Local\HP
    2011-10-15 00:22 . 2011-10-15 00:22 -------- d-----w- c:\users\fran\AppData\Local\IsolatedStorage
    2011-10-14 22:51 . 2008-08-18 16:39 274944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp64X.dll
    2011-10-14 04:08 . 2011-10-14 16:36 -------- d-----w- c:\programdata\Juliette's Fashion Empire
    2011-10-12 17:48 . 2011-10-12 17:48 -------- d-----w- c:\users\fran\AppData\Local\CrimsonThief
    2011-10-12 14:36 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll
    2011-10-12 14:36 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax
    2011-10-12 14:36 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
    2011-10-12 14:36 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
    2011-10-12 14:36 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll
    2011-10-12 14:36 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
    2011-10-12 14:36 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll
    2011-10-12 14:36 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-10-12 14:35 . 2011-09-06 13:30 2043392 ----a-w- c:\windows\system32\win32k.sys
    2011-10-12 14:33 . 2011-09-14 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2011-10-12 01:16 . 2008-08-18 16:39 117760 ----a-w- c:\windows\system32\hpzll64X.dll
    2011-10-08 19:19 . 2011-10-08 20:29 -------- d-----w- c:\users\fran\AppData\Roaming\Realore_Whiterra Roads Of Rome 3
    2011-10-05 21:45 . 2011-10-05 21:45 -------- d-----w- c:\program files\Coupons
    2011-10-05 21:33 . 2011-10-05 21:33 466944 ----a-w- c:\program files\Mozilla Firefox\plugins\NPcol400.dll
    2011-10-05 21:33 . 2011-10-05 21:33 -------- d-----w- c:\users\fran\AppData\Roaming\Catalina Marketing Corp
    2011-10-05 21:33 . 2011-10-05 21:32 485576 ----a-w- c:\users\fran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp\UninstallCouponActivator.exe
    2011-10-05 21:17 . 2011-10-05 21:17 -------- d-----w- c:\programdata\WEBREG
    2011-10-05 20:58 . 2007-03-28 18:57 274944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp5ha.dll
    2011-10-05 20:56 . 2011-10-05 20:56 -------- d-----w- c:\programdata\HPSSUPPLY
    2011-10-05 20:51 . 2011-10-05 20:51 -------- d-----w- c:\programdata\HP Product Assistant
    2011-10-05 20:48 . 2011-10-05 20:48 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
    2011-10-05 20:43 . 2010-05-06 10:51 271704 ----a-w- c:\windows\system32\hpzids01.dll
    2011-10-05 20:43 . 2007-03-28 19:01 117760 ----a-w- c:\windows\system32\hpzll5ha.dll
    2011-10-05 20:41 . 2007-03-17 16:11 675840 ----a-w- c:\windows\system32\hpowiax3.dll
    2011-10-05 20:41 . 2007-03-17 16:11 303104 ----a-w- c:\windows\system32\hpovst10.dll
    2011-10-05 20:41 . 2007-03-17 16:11 569344 ----a-w- c:\windows\system32\hpotscl3.dll
    2011-10-05 20:41 . 2007-03-08 04:20 364544 ----a-w- c:\windows\system32\hppldcoi.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-10-28 19:14 . 2010-04-24 13:10 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-10-25 17:11 . 2011-06-02 14:10 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-08-31 22:00 . 2010-08-11 01:58 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-19 20:59 . 2011-01-11 02:24 148520 ----a-w- c:\windows\system32\mfevtps.exe
    2011-08-15 15:00 . 2011-09-22 19:45 180072 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2011-08-15 15:00 . 2011-01-11 02:39 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2011-08-15 15:00 . 2011-01-11 02:38 164776 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
    2011-08-15 15:00 . 2011-01-11 02:38 64712 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
    2011-08-15 15:00 . 2011-01-11 02:38 87808 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2011-08-15 15:00 . 2011-01-11 02:38 59288 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2011-08-15 15:00 . 2011-01-11 02:38 338040 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2011-08-15 15:00 . 2011-01-11 02:38 57432 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2011-08-15 15:00 . 2010-10-14 04:28 461864 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2011-08-15 15:00 . 2010-10-14 04:28 119808 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2011-10-02 14:04 . 2011-10-02 14:04 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2010-10-14 04:28 . 2011-01-11 02:39 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-10-30_05.54.19 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-05-14 11:06 . 2011-10-31 14:44 67910 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    - 2006-11-02 13:05 . 2011-10-30 05:04 70734 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2006-11-02 13:05 . 2011-11-01 13:55 70734 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2010-04-06 18:09 . 2011-11-01 13:55 15684 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2721419356-2529414372-243999765-1000_UserData.bin
    - 2007-07-20 05:29 . 2011-10-30 05:09 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2007-07-20 05:29 . 2011-11-01 23:38 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-10-30 05:07 . 2011-10-30 05:09 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2011-10-30 05:07 . 2011-11-01 23:38 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2007-07-20 05:29 . 2011-11-01 23:38 81920 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2007-07-20 05:29 . 2011-10-30 05:09 81920 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2010-04-08 01:07 . 2011-10-30 05:00 6586 c:\windows\System32\WDI\ERCQueuedResolutions.dat
    + 2010-04-08 01:07 . 2011-11-01 04:34 6586 c:\windows\System32\WDI\ERCQueuedResolutions.dat
    + 2011-11-01 13:52 . 2011-11-01 13:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2011-10-30 05:02 . 2011-10-30 05:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2011-10-30 05:02 . 2011-10-30 05:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2011-11-01 13:52 . 2011-11-01 13:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2010-04-08 17:01 . 2011-11-01 21:16 251892 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
    - 2011-02-09 20:28 . 2011-10-30 05:00 324196 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2011-02-09 20:28 . 2011-11-01 04:35 324196 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2011-04-08 03:55 . 2011-10-30 05:01 21383556 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2721419356-2529414372-243999765-1000-8192.dat
    + 2011-04-08 03:55 . 2011-11-01 04:35 21383556 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2721419356-2529414372-243999765-1000-8192.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{614BDA1F-9BEF-4CD1-BDE4-FA4804929B4A}]
    2010-04-07 23:17 1517056 ----a-w- c:\program files\MyPoints Point Finder\Toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
    @="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
    [HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
    2010-04-14 02:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
    @="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
    [HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
    2010-04-14 02:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
    @="{b4caf489-1eec-c617-49ad-8d7088598c06}"
    [HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
    2010-04-14 02:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-10-26 1458176]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-28 1721640]
    "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
    "CognizanceTS"="c:\progra~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 17920]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
    "IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
    "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
    "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-20 468264]
    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-16 1318552]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-06-09 7539232]
    "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]
    .
    c:\users\fran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    OneNote Table Of Contents.onetoc2 [2011-10-14 3656]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\System32\APSHook.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-08-15 87808]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    R4 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-01-05 82952]
    S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2011-08-15 64712]
    S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-08-15 164776]
    S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys [2010-04-14 54776]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
    S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2008-01-19 21504]
    S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2008-01-19 21504]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-27 214904]
    S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-27 214904]
    S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-27 214904]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-08-19 160344]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-08-19 148520]
    S2 MOBKbackup;McAfee Online Backup;c:\program files\McAfee Online Backup\MOBKbackup.exe [2010-04-14 229688]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-08-15 57432]
    S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-01-12 227896]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-08-15 338040]
    S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - mfeavfk01
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Cognizance REG_MULTI_SZ ASBroker ASChannel
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-10-21 c:\windows\Tasks\HPCeeScheduleForfran.job
    - c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-05-14 21:23]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    Trusted Zone: real.com\rhap-app-4-0
    Trusted Zone: real.com\rhapreg
    TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
    FF - ProfilePath - c:\users\fran\AppData\Roaming\Mozilla\Firefox\Profiles\1mj4aowu.default\
    FF - prefs.js: browser.search.selectedEngine - Secure Search
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-11-01 20:37
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(1056)
    c:\program files\McAfee Online Backup\MOBKshell.dll
    c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
    .
    Completion time: 2011-11-01 20:50:26
    ComboFix-quarantined-files.txt 2011-11-02 01:50
    ComboFix2.txt 2011-10-30 06:06
    ComboFix3.txt 2011-10-28 18:04
    .
    Pre-Run: 98,081,849,344 bytes free
    Post-Run: 98,276,282,368 bytes free
    .
    - - End Of File - - FA085F773FEDD05A059A6E6031F844FF
  16. fholla1

    fholla1 Newcomer, in training Topic Starter Posts: 24

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 9:09:21 PM, on 11/1/2011
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\System32\igfxpers.exe
    C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
    C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Windows Mail\WinMail.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - - (no file)
    R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: FCTBPos00Pos - {614BDA1F-9BEF-4CD1-BDE4-FA4804929B4A} - C:\Program Files\MyPoints Point Finder\Toolbar.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111011224924.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Startup: OneNote Table Of Contents.onetoc2
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\mcsniepl.dll
    O20 - AppInit_DLLs: C:\WINDOWS\System32\APSHook.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files\WildTangent Games\App\GamesAppService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
    O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe
    O23 - Service: McAfee Online Backup (MOBKbackup) - McAfee, Inc. - C:\Program Files\McAfee Online Backup\MOBKbackup.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

    --
    End of file - 11172 bytes
  17. fholla1

    fholla1 Newcomer, in training Topic Starter Posts: 24

    Hi Bobbye, I still have no desktop background, a system restore icon in the quicklaunch toolbar as well as the desktop and a blocked startup program icon in the notification area that often pops up. This is all I can see. Is there something else I should look for? Thanks!

    Fran
  18. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Okay, let's back up and follow this:

    Boot into Safe Mode
    • Restart your computer and start pressing the F8 key on your keyboard.
    • Select the Safe Mode with Networking option when the Windows Advanced Options menu appears, using your up/down arrows to reach it and then press ENTER.

    This infection may change your Windows settings to use a proxy server that will not allow you to browse any pages on the Internet with Internet Explorer or update security software, so we will first need to fix this. Launch Internet Explorer:
    • Access Internet Options through Tools> Connections tab
    • Click on the Lan Settings at the bottom
    • Proxy Server section> uncheck the box labeled 'Use a proxy server for your LAN'.
    • Then click on OK> and OK again to close Internet Options.
    ===============================
    This malware frequently comes with the TDSS rootkit, so do the following:
    • Download the file TDSSKiller.zip and save to the desktop.
      (If you are unable to download the file for some reason, then TDSS may be blocking it. You would then need to download it first to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.)
    • Right-click the tdsskiller.zip file> Select Extract All into a folder on the infected (or potentially infected) PC.
    • Double click on TDSSKiller.exe to run the scan.
    • When the scan is over, the utility outputs a list of detected objects with description.
      The utility automatically selects an action (Cure or Delete) for malicious objects.
      The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
    • Select the action Quarantine to quarantine detected objects.
      The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43
    • After clicking Next, the utility applies selected actions and outputs the result.
    • A reboot is required after disinfection.
    ====================================
    If TDSSKiller requires you to reboot, please allow it to do so. After you reboot, reboot back into Safe Mode with Networking again.
    ====================================
    Please download and run the tool below named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 3 different versions. If one of them won't run then download and try to run the other one. (Vista and Win7 users need to right click Rkill and choose Run as Administrator)

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
    • Rkill.com
    • Rkill.scr
    • Rkill.exe
    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • If the tool does not run from any of the links provided, please let me know.
    Do not reboot until instructed, as it will start the malware again.
    ==================================
    You will run another scan with Mbam, after it updates, but this time, on the Scanner tab, make sure the Perform Full Scan option is selected and then click on the Scan button.

    When scan has finished, you will see this image:
    • Click on OK to close box and continue.
    • Click on the Show Results button.
    • Click on the Remove Selected button to remove all the listed malware.
    • At end of malware removal, the scan log opens and displays in Notepad. Be sure to click on Format> Uncheck Word Wrap before copying the log to paste in your next reply.
    ========================================
    TDSSKiller
    RKill
    New Malwarebytes

    Did you uninstall the MyPoints Point Finder\Helper and FreeCauseURLSearchHook.FCToolbar?
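    The proxy-server step in the post above can also be checked without clicking through Internet Options. This is an added example, not part of Bobbye's post or any tool named in the thread; it reads the per-user values Internet Explorer (and any other WinINet client) stores under Internet Settings and clears them only when run with the -Fix switch.

    ```powershell
    # Added example, not from the thread: show the per-user proxy settings that the
    # Internet Options > Connections > LAN Settings step edits, and clear them when
    # run with -Fix. Internet Explorer and other WinINet clients read these values.
    param([switch]$Fix)

    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $settings = Get-ItemProperty -Path $key

    # ProxyEnable=1 plus ProxyServer routes all browsing through that host;
    # AutoConfigURL does the same through a PAC script, so it is checked as well.
    $settings | Select-Object ProxyEnable, ProxyServer, ProxyOverride, AutoConfigURL | Format-List

    $proxyOn = ($settings.ProxyEnable -eq 1) -or [bool]$settings.AutoConfigURL
    if ($proxyOn) {
        Write-Warning 'A proxy server or auto-config script is set for this user.'
    }

    if ($Fix -and $proxyOn) {
        # Mirror what unticking 'Use a proxy server for your LAN' does, and also
        # drop a PAC URL, which the LAN Settings checkbox alone does not clear.
        Set-ItemProperty -Path $key -Name ProxyEnable -Value 0 -Type DWord
        Remove-ItemProperty -Path $key -Name ProxyServer -ErrorAction SilentlyContinue
        Remove-ItemProperty -Path $key -Name AutoConfigURL -ErrorAction SilentlyContinue
        Write-Output 'Proxy settings cleared; close and reopen Internet Explorer.'
    }
    ```

    Save it as a .ps1, run it once without -Fix to see what is set, then again with -Fix from Safe Mode with Networking.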
  19. fholla1

    fholla1 Newcomer, in training Topic Starter Posts: 24

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8089

    Windows 6.0.6002 Service Pack 2 (Safe Mode)
    Internet Explorer 9.0.8112.16421

    11/5/2011 3:21:27 AM
    mbam-log-2011-11-05 (03-21-26).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 599729
    Time elapsed: 2 hour(s), 5 minute(s), 32 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
  20. fholla1

    fholla1 Newcomer, in training Topic Starter Posts: 24

    Nothing was found on any of those scans. I uninstalled the MyPoints Point Finder\Helper and FreeCauseURLSearchHook.FCToolbar.

    My system is still running the same: no desktop image, missing icons, windows blocked programs icon and pop up in notification area, and system restore icon in quick launch area as well as on my desktop.
  21. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    The missing entries may need to be restored manually:

    Restore Missing Icons and Desktop: Vista/Win 7
    • Start> Control Panel> Display> Desktop tab
    • Choose a background (you can change later if wanted)
    • Press Customize Desktop
    • Select the icons you want on the desktop
    • Click on Apply> OK
    Screen shot courtesy howtogeek
    -----------------------------------------------------
    I'd like you to check the Properties of the System Restore icon in the Quick Launch Toolbar. I actually have this icon there, but I created the shortcut and dragged it to QL. However, it does not pop up.

    The next time the icon for SR pops up there, quickly do a right click Properties on the icon. It should open on the Shortcut tab. When I check mine, I see the SR icon top left with shortcut arrow, words System Restore to the right of that, followed by Target type: Application, Target location: Restore> and 5 dialog boxes for:
    1. Target
    2. Start in
    3. Shortcut key
    4. Run and
    5. Comment
    Each of the above has a dialog box with text.

    You're going to take a screen shot of this screen as follows:
    While that window is open, do the following:
    Press the Alt key and Print Scrn together to take a screen shot.
    Open WordPad, then paste the screen shot there.
    ----------------------------------------------
    A note: If you have not taken screen shots previously, be aware that sometimes the timing of the 2 keys together doesn't work and instead of just getting the top window using the Alt key, you get the entire screen> this is okay. This is just meant as a convenience for you to tell me what text is displayed in the 5 boxes.
    Then look at the 5 boxes on your screen shot and tell me what is in each.
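    The Properties check Bobbye describes can be done for every shortcut at once. This is an added example, not from the thread or any tool it names; it assumes the Vista/7 Quick Launch location (%APPDATA%\Microsoft\Internet Explorer\Quick Launch) and flags shortcuts whose target lives in a user-writable data folder such as C:\ProgramData, the kind of place a dropped fake "System Restore" shortcut tends to point to.

    ```powershell
    # Added example, not from the thread: enumerate shortcuts where the System Restore
    # icon appeared (Desktop, Public Desktop, Quick Launch), report each target, and
    # flag targets that live in user-writable data folders.
    # Assumes the Vista/7 Quick Launch path; edit $folders for other layouts.

    $shell = New-Object -ComObject WScript.Shell

    $folders = @(
        [Environment]::GetFolderPath('Desktop'),
        [Environment]::GetFolderPath('CommonDesktopDirectory'),
        (Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch')
    ) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

    # A genuine System Restore shortcut targets %SystemRoot%\System32\rstrui.exe.
    # These roots are writable without elevation, which is why malware drops there.
    $userWritableRoots = @($env:ProgramData, $env:APPDATA, $env:LOCALAPPDATA, $env:TEMP)

    function Test-UnderRoot {
        param([string]$Path, [string[]]$Roots)
        foreach ($root in $Roots) {
            if ($root -and $Path -like ($root.TrimEnd('\') + '\*')) { return $true }
        }
        return $false
    }

    $report = foreach ($folder in $folders) {
        $links = Get-ChildItem -LiteralPath $folder -Filter *.lnk -Force -ErrorAction SilentlyContinue
        foreach ($lnk in $links) {
            $sc = $shell.CreateShortcut($lnk.FullName)
            # Expand %ProgramFiles%-style targets before comparing paths.
            $target = [Environment]::ExpandEnvironmentVariables($sc.TargetPath)
            $exists = if ($target) { Test-Path -LiteralPath $target } else { $false }

            New-Object PSObject -Property @{
                Suspicious = Test-UnderRoot -Path $target -Roots $userWritableRoots
                Shortcut   = $lnk.FullName
                Target     = $target
                Arguments  = $sc.Arguments
                Exists     = $exists
            }
        }
    }

    # Suspicious entries sort to the top; the Target column is the same text the
    # shortcut's Properties > Shortcut tab shows in its Target box.
    $report |
        Select-Object Suspicious, Shortcut, Target, Arguments, Exists |
        Sort-Object Suspicious -Descending |
        Format-Table -AutoSize -Wrap
    ```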
  22. fholla1

    fholla1 Newcomer, in training Topic Starter Posts: 24

    Bobbye, I can't seem to capture a screenshot of a pop up box. The target box is filled with this for icons 1 and 2:
    C:\ProgramData\1kAlMiG2Kb7FzP.exe

    I am not able to navigate between tabs.

    - there are no properties when I right-click for 3. My choices are:
    show or remove blocked programs,
    run blocked program (there is an arrow on this one to show blocked program, it shows the program to be Malwarebytes' Anti-Malware)
    view help
    exit

    I opened Windows Defender, but it is not showing that Malwarebytes is enabled at startup, so I selected to show programs running at startup for all users; then it showed Malwarebytes, so I disabled it. I hope that's the right thing to do. I've been trying to figure out what exactly I need running at startup so I can delete it, but I'm not sure what I need.


  23. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    You did a good job on the screen shot. But I can't tell what the icons #2 and #3 are. The arrow on the System Restore icon denotes it is a shortcut. The arrow is the icon for 'shortcut', not blocked programs.

    SuperAntiSpyware should remove this: C:\ProgramData\1kAlMiG2Kb7FzP.exe. Be sure to check the line for SAS to remove the processes it finds:
    SuperAntiSpyware Home Edition Free Version
    • Please download SuperAntiSpyware from HERE
    • Launch SuperAntiSpyware and click on 'Check for updates'.
    • Wait for the updates to be installed
    • On the main screen click on 'Scan your computer'.
    • Check: 'Perform Complete Scan' then click 'Next' to start the scan.
    • SuperAntiSpyware will now scan your computer; when it's finished it will list all/any infections found.
    • Make sure everything found has a checkmark next to it, then press 'Next'.
    • Click on 'Finish' when you're done.
    It's possible that the program will ask you to reboot in order to delete some files.

    Obtain the SuperAntiSpyware log as follows:
    • Click on 'Preferences'.
    • Click on the 'Statistics/Logs' tab.
    • Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
    It will then open in your default text editor, such as Notepad. Paste the Notepad file here in your reply.
  24. fholla1

    fholla1 Newcomer, in training Topic Starter Posts: 24

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 11/11/2011 at 05:19 PM

    Application Version : 5.0.1136

    Core Rules Database Version : 7933
    Trace Rules Database Version: 5745

    Scan type : Complete Scan
    Total Scan Time : 03:38:42

    Operating System Information
    Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
    UAC On - Limited User (Administrator User)

    Memory items scanned : 847
    Memory threats detected : 0
    Registry items scanned : 39875
    Registry threats detected : 0
    File items scanned : 87014
    File threats detected : 153

    Adware.Tracking Cookie
    C:\USERS\FRAN\Cookies\KPDK3KS6.txt [ Cookie:fran@at.atwola.com/ ]
    C:\USERS\FRAN\Cookies\7QTGDBSZ.txt [ Cookie:fran@kontera.com/ ]
    C:\USERS\FRAN\Cookies\GM14E5HI.txt [ Cookie:fran@lfstmedia.com/ ]
    C:\USERS\FRAN\Cookies\7ET8F4PB.txt [ Cookie:fran@realmedia.com/ ]
    C:\USERS\FRAN\Cookies\ESZIXYZ8.txt [ Cookie:fran@akamai.interclickproxy.com/ ]
    C:\USERS\FRAN\Cookies\WTGYOPF9.txt [ Cookie:fran@adtech.de/ ]
    C:\USERS\FRAN\Cookies\C8HFBB5V.txt [ Cookie:fran@ru4.com/ ]
    C:\USERS\FRAN\Cookies\OQM6M3XU.txt [ Cookie:fran@adform.net/ ]
    C:\USERS\FRAN\Cookies\QTM7NLEA.txt [ Cookie:fran@amazon-adsystem.com/ ]
    C:\USERS\FRAN\Cookies\73Q4NN3M.txt [ Cookie:fran@www.burstbeacon.com/ ]
    C:\USERS\FRAN\Cookies\YLAZVGUU.txt [ Cookie:fran@adserver.adtechus.com/ ]
    C:\USERS\FRAN\Cookies\TJZZNDUC.txt [ Cookie:fran@kaspersky.122.2o7.net/ ]
    C:\USERS\FRAN\Cookies\HFFS5L86.txt [ Cookie:fran@tracking.livingsocial.com/ ]
    C:\USERS\FRAN\Cookies\WCXJ95L5.txt [ Cookie:fran@tracking.quisma.com/ ]
    C:\USERS\FRAN\Cookies\S78XEJI2.txt [ Cookie:fran@gsimedia.net/ ]
    C:\USERS\FRAN\Cookies\EZ5H1D1F.txt [ Cookie:fran@ad.yieldmanager.com/ ]
    C:\USERS\FRAN\Cookies\0M9TR1Z1.txt [ Cookie:fran@www.discountmags.com/ ]
    C:\USERS\FRAN\Cookies\L2YR4S2T.txt [ Cookie:fran@discountmags.com/ ]
    C:\USERS\FRAN\Cookies\0YW3QAHQ.txt [ Cookie:fran@liveperson.net/ ]
    C:\USERS\FRAN\Cookies\ZHCUHS76.txt [ Cookie:fran@amznshopbop.122.2o7.net/ ]
    C:\USERS\FRAN\Cookies\OUAO47HP.txt [ Cookie:fran@c.gigcount.com/ ]
    C:\USERS\FRAN\Cookies\6XTWTK5D.txt [ Cookie:fran@paypal.112.2o7.net/ ]
    C:\USERS\FRAN\Cookies\59GP586N.txt [ Cookie:fran@yadro.ru/ ]
    C:\USERS\FRAN\Cookies\SPDYF5RV.txt [ Cookie:fran@stats.paypal.com/ ]
    C:\USERS\FRAN\Cookies\NPJ43O8K.txt [ Cookie:fran@blogs.babble.com/being-pregnant/wp-content/plugins/pixelstats/ ]
    C:\USERS\FRAN\Cookies\3XDTYXBM.txt [ Cookie:fran@revsci.net/ ]
    ad.insightexpressai.com [ C:\USERS\FRAN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\CM6WHWZA ]
    content.oddcast.com [ C:\USERS\FRAN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\CM6WHWZA ]
    ia.media-imdb.com [ C:\USERS\FRAN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\CM6WHWZA ]
    media15.onsugar.com [ C:\USERS\FRAN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\CM6WHWZA ]
    C:\USERS\FRAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRAN@LUCIDMEDIA[1].TXT [ /LUCIDMEDIA ]
  25. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Okay, let's get control of those Tracking Cookies: On account for 'fran' or 'FRAN':

    Reset Cookies

    For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> CHECK 'override automatic Cookie handling'> CHECK 'accept first party Cookies'> CHECK 'Block third party Cookies'> CHECK 'allow per session Cookies'> Apply> OK.

    For Firefox: Tools> Options> Privacy> Cookies> CHECK ‘accept Cookies from Sites’> UNCHECK 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')

    I suggest using the following two add-ons for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
    AdBlock Plus
    Easy List

    For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
    (First-party and third-party cookies can be set by the website you're visiting and websites that have items embedded in the website you're visiting. But when you next visit the website, only first-party cookie information is sent to the website. Third-party cookie information isn't sent back to the websites that originally set the third-party cookies.)
    =================================
    Please give me an update on how the system is working now.
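Added example (not part of the thread, and not Bobbye's or TechSpot's code): a small parser for the cookie scan log quoted above, so a helper can see at a glance which advertising domains set the cookies and Flash shared objects, instead of reading hundreds of lines. The sample lines are constructed in the same shape as the log; the domain collapse to the last two labels is a deliberate simplification (no public-suffix list), so it treats every `*.2o7.net` host as one tracker but would mishandle suffixes like `co.uk`.

```python
import re
from collections import Counter

# Constructed sample lines in the same shape as the scan log quoted above
# (illustrative file names and hosts, not a real log).
SAMPLE_LOG = r"""
    C:\USERS\FRAN\Cookies\C8HFBB5V.txt [ Cookie:fran@ru4.com/ ]
    C:\USERS\FRAN\Cookies\ESZUMEDP.txt [ Cookie:fran@www.google.com/accounts ]
    C:\USERS\FRAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\fran@ru4[1].txt [ Cookie:fran@ru4.com/ ]
    C:\USERS\FRAN\Cookies\EZ5H1D1F.txt [ Cookie:fran@ad.yieldmanager.com/ ]
    C:\USERS\FRAN\Cookies\6XTWTK5D.txt [ Cookie:fran@paypal.112.2o7.net/ ]
    ad.insightexpressai.com [ C:\USERS\FRAN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\CM6WHWZA ]
    C:\USERS\FRAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRAN@LUCIDMEDIA[1].TXT [ /LUCIDMEDIA ]
"""

# "<file path> [ Cookie:<user>@<host><path> ]" -- an HTTP cookie file entry
COOKIE_RE = re.compile(
    r"^(?P<file>.+?) \[ Cookie:(?P<user>[^@\s]+)@(?P<host>[^/\s\]]+)(?P<cpath>\S*) \]$"
)
# "<host> [ <path>\#SHAREDOBJECTS\<id> ]" -- a Flash Local Shared Object entry
LSO_RE = re.compile(r"^(?P<host>[A-Za-z0-9.-]+) \[ (?P<file>.+#SHAREDOBJECTS.+) \]$")


def parse_entry(line):
    """Classify one log line as cookie / flash_lso / other; None for blank lines."""
    line = line.strip()
    if not line:
        return None
    m = COOKIE_RE.match(line)
    if m:
        return {"kind": "cookie", "host": m["host"].lower(), "file": m["file"]}
    m = LSO_RE.match(line)
    if m:
        return {"kind": "flash_lso", "host": m["host"].lower(), "file": m["file"]}
    # Lines the scanner reports in another shape (e.g. "[ /LUCIDMEDIA ]") are kept but not attributed to a host.
    return {"kind": "other", "host": None, "file": line}


def registrable_domain(host):
    """Naive collapse to the last two labels (ad.yieldmanager.com -> yieldmanager.com).
    Assumption: no public-suffix list, so multi-label suffixes such as co.uk are not handled."""
    labels = host.split(".")
    return ".".join(labels[-2:])


def summarize(log_text):
    """Count entries per storage kind and per (naively collapsed) tracking domain."""
    by_kind = Counter()
    by_domain = Counter()
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        by_kind[entry["kind"]] += 1
        if entry["host"]:
            by_domain[registrable_domain(entry["host"])] += 1
    return by_kind, by_domain


if __name__ == "__main__":
    kinds, domains = summarize(SAMPLE_LOG)
    print("storage kinds:", dict(kinds))
    for domain, n in domains.most_common():
        print(f"{n:3d}  {domain}")
```

Run it against a saved scan log by replacing `SAMPLE_LOG` with the file contents; the domain counts show which third-party hosts the browser settings above are meant to block, and the `flash_lso` count is a reminder that Flash shared objects are stored outside the browser's cookie jar and are not affected by the cookie settings.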