[Solved] Need help fixing PC performance malware


fholla1:
Hi! My system was infected with some malware last night. I found the 5-step thread and completed all steps. I'm still having problems, although it is better. I'm missing my desktop background, icons and Start menu, and I'm not sure how to go about fixing this; I'm also not sure if there are any other problems I haven't noticed yet. I've included the logs below as requested and would appreciate any help you could give. I'm not very savvy with computers, so I hope I did it right. Thanks!

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8026

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

10/26/2011 10:29:56 PM
mbam-log-2011-10-26 (22-29-56).txt

Scan type: Quick scan
Objects scanned: 177189
Time elapsed: 48 minute(s), 26 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
c:\programdata\nfederlybhvow.exe (Trojan.FakeAlert) -> 3740 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nFEDeRLYbhvow.exe (Trojan.FakeAlert) -> Value: nFEDeRLYbhvow.exe -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\programdata\nfederlybhvow.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\fran\AppData\Local\Temp\p5tm1qbi6dss92.exe.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-10-27 07:44:12
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.DK02
Running: wpm4yglg.exe; Driver: C:\Users\fran\AppData\Local\Temp\kxldypog.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x881B3268]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x881B3292]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x881B327E]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x881B3254]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs MOBK.sys (Mozy Change Monitor Filter Driver/Mozy, Inc.)
AttachedDevice \Driver\tdx \Device\Tcp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
DDS
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by fran at 8:04:50 on 2011-10-27
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.469 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\System32\svchost.exe -k Cognizance
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\rundll32.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\McAfee Online Backup\MOBKbackup.exe
C:\Program Files\McAfee Online Backup\MOBKbackup.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Windows\system32\consent.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: H - No File
uURLSearchHooks: FCToolbarURLSearchHook Class: {96b985b7-3cf9-456a-9db6-791710e60f5f} - c:\program files\mypoints point finder\Helper.dll
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Freecause Toolbar BHO: {614bda1f-9bef-4cd1-bde4-fa4804929b4a} - c:\program files\mypoints point finder\Toolbar.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20111011224924.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: VeriSoft Access Manager: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\bioscrypt\verisoft\bin\ItIEAddIn.dll
TB: MyPoints Point Finder: {89a2510a-b4b6-4683-bec9-1b96700bc7f1} - c:\program files\mypoints point finder\Toolbar.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [CognizanceTS] rundll32.exe c:\progra~1\bioscr~1\verisoft\bin\ASTSVCC.dll,RegisterModule
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAStorIcon] c:\program files\intel\intel(r) rapid storage technology\IAStorIcon.exe
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\users\fran\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\users\fran\appdata\roaming\microsoft\windows\start menu\programs\startup\OneNote Table Of Contents.onetoc2
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxps://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{7E93C08B-A35E-4BD2-B8AD-A38845B90176} : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: APSHook.dll
LSA: Notification Packages = scecli ASWLNPkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\fran\appdata\roaming\mozilla\firefox\profiles\1mj4aowu.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\wildtangent games\app\browserintegration\registered\3\NP_wtapp.dll
FF - plugin: c:\users\fran\appdata\roaming\move networks\plugins\npqmp071701000002.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-10-13 461864]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2011-1-10 64712]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-1-10 164776]
R1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [2011-1-20 54776]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2010-4-7 21504]
R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2010-4-7 21504]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-4-7 21504]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\intel\intel(r) rapid storage technology\IAStorDataMgrSvc.exe [2010-4-22 13336]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-1-20 214904]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-1-20 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-1-20 214904]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-1-20 214904]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-1-10 166024]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-1-10 160344]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-1-10 148520]
R2 MOBKbackup;McAfee Online Backup;c:\program files\mcafee online backup\MOBKbackup.exe [2010-4-13 229688]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-8-10 1153368]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-1-10 57432]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2011-8-11 227896]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-9-22 180072]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-1-10 59288]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-1-10 338040]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-1-10 87808]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-4-7 82952]
.
=============== Created Last 30 ================
.
2011-10-27 03:33:53 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{b4c30f7e-52f9-4447-a4a0-320f6fac1bda}\offreg.dll
2011-10-27 01:59:36 316816 ---ha-w- c:\programdata\1kAlMiG2Kb7FzP.exe
2011-10-25 17:06:15 -------- d--h--w- c:\programdata\VirtualFarm
2011-10-25 17:04:48 -------- d--h--w- c:\programdata\VirtualFarm2
2011-10-25 17:01:16 -------- d--h--w- c:\users\fran\appdata\roaming\Alawar Stargaze
2011-10-25 17:01:16 -------- d--h--w- c:\programdata\Alawar Stargaze
2011-10-25 06:47:01 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{b4c30f7e-52f9-4447-a4a0-320f6fac1bda}\mpengine.dll
2011-10-24 04:00:13 9151488 ----a-w- c:\windows\system32\setup.msi
2011-10-24 02:16:24 354840 ----a-w- c:\windows\system32\drivers\iaStor.sys
2011-10-22 18:18:06 -------- d--h--w- c:\users\fran\appdata\roaming\Go-Go Gourmet Chef of the Year
2011-10-21 18:43:45 -------- d--h--w- c:\users\fran\appdata\roaming\LaJangada
2011-10-21 14:16:31 -------- d--h--w- c:\users\fran\appdata\local\HP
2011-10-15 00:22:06 -------- d--h--w- c:\users\fran\appdata\local\IsolatedStorage
2011-10-14 22:51:42 274944 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpzpp64X.dll
2011-10-14 04:08:28 -------- d--h--w- c:\programdata\Juliette's Fashion Empire
2011-10-12 17:48:12 -------- d--h--w- c:\users\fran\appdata\local\CrimsonThief
2011-10-12 14:36:32 293376 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-12 14:36:32 217088 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-12 14:36:31 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-10-12 14:36:30 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-10-12 14:36:21 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-10-12 14:36:20 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-12 14:36:20 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-10-12 14:36:20 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-10-12 14:35:26 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-10-12 14:33:53 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-10-12 01:16:15 117760 ----a-w- c:\windows\system32\hpzll64X.dll
2011-10-08 19:19:03 -------- d--h--w- c:\users\fran\appdata\roaming\Realore_Whiterra Roads Of Rome 3
2011-10-05 21:45:21 -------- d-----w- c:\program files\Coupons
2011-10-05 21:33:14 466944 ----a-w- c:\program files\mozilla firefox\plugins\NPcol400.dll
2011-10-05 21:33:13 -------- d--h--w- c:\users\fran\appdata\roaming\Catalina Marketing Corp
2011-10-05 21:33:10 485576 ---ha-w- c:\users\fran\appdata\roaming\microsoft\windows\start menu\programs\catalina marketing corp\UninstallCouponActivator.exe
2011-10-05 21:17:50 -------- d--h--w- c:\programdata\WEBREG
2011-10-05 20:58:59 274944 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpzpp5ha.dll
2011-10-05 20:48:08 -------- d-----w- c:\program files\common files\Hewlett-Packard
2011-10-05 20:43:17 271704 ----a-w- c:\windows\system32\hpzids01.dll
2011-10-05 20:43:05 117760 ----a-w- c:\windows\system32\hpzll5ha.dll
2011-10-05 20:41:25 675840 ----a-w- c:\windows\system32\hpowiax3.dll
2011-10-05 20:41:25 569344 ----a-w- c:\windows\system32\hpotscl3.dll
2011-10-05 20:41:25 364544 ----a-w- c:\windows\system32\hppldcoi.dll
2011-10-05 20:41:25 303104 ----a-w- c:\windows\system32\hpovst10.dll
2011-10-02 14:04:02 19416 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll
2011-10-02 14:04:01 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-10-02 14:04:00 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-10-02 14:04:00 125912 ----a-w- c:\program files\mozilla firefox\crashreporter.exe
.
==================== Find3M ====================
.
2011-10-25 17:11:09 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-01 02:35:59 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-31 22:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-19 20:59:30 148520 ----a-w- c:\windows\system32\mfevtps.exe
2011-08-15 15:00:06 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-08-15 15:00:06 87808 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-08-15 15:00:06 64712 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-08-15 15:00:06 59288 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-08-15 15:00:06 57432 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-08-15 15:00:06 461864 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-08-15 15:00:06 338040 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-08-15 15:00:06 180072 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-08-15 15:00:06 164776 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-08-15 15:00:06 119808 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
.
============= FINISH: 8:11:16.19 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/20/2007 12:25:01 AM
System Uptime: 10/26/2011 10:33:23 PM (11 hours ago)
.
Motherboard: Quanta | | 30CC
Processor: Intel(R) Core(TM)2 Duo CPU T5250 @ 1.50GHz | U2E1 | 1500/667mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 178 GiB total, 92.357 GiB free.
D: is FIXED (NTFS) - 8 GiB total, 0.008 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: USB\VID_08FF&PID_2580\5&8730710&0&1
Manufacturer:
Name:
PNP Device ID: USB\VID_08FF&PID_2580\5&8730710&0&1
Service:
.
==== System Restore Points ===================
.
RP421: 9/28/2011 10:40:53 AM - Windows Update
RP422: 9/30/2011 1:38:06 AM - Windows Update
RP423: 10/2/2011 4:53:24 PM - Scheduled Checkpoint
RP424: 10/4/2011 8:57:13 AM - Windows Update
RP425: 10/5/2011 3:41:27 PM - Device Driver Package Install: Hewlett-Packard Imaging devices
RP426: 10/5/2011 3:43:24 PM - Device Driver Package Install: Hewlett-Packard Printers
RP427: 10/5/2011 3:44:29 PM - Device Driver Package Install: Hewlett-Packard IEEE 1284.4 compatible printer
RP428: 10/5/2011 3:45:16 PM - Device Driver Package Install: Hewlett-Packard Universal Serial Bus controllers
RP429: 10/7/2011 8:45:54 AM - Windows Update
RP430: 10/9/2011 7:12:51 PM - Scheduled Checkpoint
RP431: 10/11/2011 6:22:18 AM - Windows Update
RP432: 10/11/2011 8:12:15 PM - Installed HP Product Assistant
RP434: 10/11/2011 8:15:36 PM - HP Installation Restore Point
RP435: 10/12/2011 9:37:14 AM - Windows Update
RP436: 10/14/2011 1:25:00 AM - Windows Update
RP437: 10/18/2011 2:29:11 PM - Windows Update
RP438: 10/21/2011 1:25:46 AM - Windows Update
RP439: 10/23/2011 9:16:38 PM - Device Driver Package Install: Intel IDE ATA/ATAPI controllers
RP440: 10/23/2011 11:00:33 PM - Installed ATInstall.
RP441: 10/25/2011 1:44:57 AM - Windows Update
RP442: 10/25/2011 8:23:16 PM - Scheduled Checkpoint
RP443: 10/26/2011 8:01:29 AM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
4 Elements II
A Gypsy's Tale: Tower of Secrets
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 8
Aerie - Spirit of the Forest
Agatha Christie - 4:50 from Paddington
AIO_Scan
Ancient Spirits: Columbus' Legacy
Antique Road Trip 2: Homecoming
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Aquitania
ATInstall
AuthenTec Fingerprint Sensor Minimum Install
Bonjour
BufferChm
Burger Bustle
Cake Mania: To the Max
Cave Quest
Chloe's Dream Resort
Classic Adventures - The Great Gatsby
Copy
Country Harvest
Coupon Printer for Windows
Crop Busters
CustomerResearchQFolder
Dark Parables - Curse of Briar Rose
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DJ_AIO_ProductContext
DJ_AIO_Software
DJ_AIO_Software_min
Dr. Despicable's Dastardly Deeds
Dr. Wise - Medical Mysteries
Drugstore Mania
Elizabeth Find MD Diagnosis Mystery: Season 2
Epic Adventures - La Jangada
Escape from Frankenstein's Castle
ESU for Microsoft Vista
eSupportQFolder
F4100
F4100_doccd
F4100_Help
Faded Reality
Farm 2
Farm Craft
Farm Craft 2: Global Vegetable Crisis
Farmers Market
Farmscapes
Fate of the Pharaoh
FBI Paranormal Case: Extended Edition
FeedDemon
Fishdom: Seasons Under the Sea
Forgotten Places - Lost Circus
Gourmania 2: Great Expectations
Grace's Quest: To Catch An Art Thief
Great Secrets - Da Vinci
Gwen The Magic Nanny
Heart's Medicine: Season One
Hobby Farm
Hospital Haste
Hotdog Hotshot
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Active Support Library 32 bit components
HP Customer Experience Enhancements
HP Customer Participation Program 9.0
HP Deskjet All-In-One Software 9.0
HP Doc Viewer
HP Easy Setup - Frontend
HP Games
HP Help and Support
HP Imaging Device Functions 9.0
HP Pavilion Webcam Driver for Vista v061.001.00006
HP Photosmart Essential 2.01
HP Photosmart Essential2.01
HP Product Assistant
HP Quick Launch Buttons
HP QuickPlay 3.6
HP Solution Center 9.0
HP Total Care Advisor
HP Update
HP User Guides 0057
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPNetworkAssistant
HPProductAssistant
HPSSupply
Ice Cream Craze: Natural Hero
Ice Cream Mania
Insider Tales - Vanished in Rome
Insider Tales: The Stolen Venus 2
Intel(R) Control Center
Intel(R) Graphics Media Accelerator Driver
Intel(R) Rapid Storage Technology
iTunes
Jack the Ripper - Letters from Hell
Jade Rousseau The Secret Revelations
Jar of Marbles
Java Auto Updater
Java(TM) 6 Update 26
Java(TM) SE Runtime Environment 6
Jessica's BowWow Bistro
Juliette's Fashion Empire
L. Frank Baum's The Wonderful Wizard of Oz
Letters from Nowhere
LightScribe 1.4.136.1
Little Shop of Treasures 2
Magic Encyclopedia - Moon Light
Malwarebytes' Anti-Malware version 1.51.2.1300
MarketResearch
Master Thief - Skyscraper Sting
Matchmaker - Joining Hearts
McAfee Internet Security
McAfee Online Backup
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Default Manager
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft UI Engine
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Millionaire Manor: The Hidden Object Show 3
Miriel the Magical Merchant
Motorola SM56 Speakerphone Modem
Move Media Player
Mozilla Firefox 7.0.1 (x86 en-US)
MSCU for Microsoft Vista
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My Farm Life
My Farm Life 2
My HP Games
My Life Story
MyPoints Point Finder
Mystery Cruise
Mystery P.I. - The London Caper
OGA Notifier 2.0.0048.0
Paradise Beach 2
Picasa 3
Pioneer Lands
Pizza Chef 2
PSSWCORE
Puppy Sanctuary
QLBCASL
QuickPlay SlingPlayer 0.4.6
QuickTime
Rachel's Retreat
Ranch Rush 2 - Premium Edition
Real Crimes - Jack the Ripper
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
Restaurant Empire
Rhapsody
Rhapsody Player Engine
Roads of Rome 3
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Royal Envoy
Sally's Studio Premium Edition
Sara's Super Spa Deluxe
Scan
Secret Diaries: Florence Ashford
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Ski Resort Mogul
Smiling Pasta
SolutionCenter
Spybot - Search & Destroy
Stand O'Food 3
Star Crossed Love
Status
Summer Resort Mogul
Summer Rush
SUPERAntiSpyware
Supermarket Management 2
Supermarket Mania 2
Synaptics Pointing Device Driver
Tales of Lagoona
The Institute: A Becky Brogan Adventure
The Joy of Farming
Time Riddles: The Mansion
Toolbox
Travel Agency
TrayApp
Tropical Fish Shop - Annabels Adventure
Twisted Lands: Insomniac
Unexpected Journey
Unlikely Suspects
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update Installer for WildTangent Games App
VeriSoft Access Manager
Veronica and the Book of Dreams
VideoToolkit01
Virtual Farm 2
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebReg
Wedding Dash (R) 4-Ever
WildTangent Games
WildTangent Games App
WildTangent Games App (HP Games)
Women's Murder Club: Little Black Lies
Youda Fisherman
.
==== Event Viewer Messages From Past Week ========
.
10/26/2011 9:07:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
10/26/2011 9:04:59 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
10/26/2011 9:04:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/26/2011 9:04:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/26/2011 9:04:11 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC mfehidk mfenlfk mfewfpk MOBKFilter NetBIOS netbt nsiproxy PSched RasAcd rdbss SASDIFSV SASKUTIL Smb spldr tdx Wanarpv6
10/26/2011 9:04:11 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/26/2011 9:04:11 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
10/26/2011 9:04:11 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
10/26/2011 9:04:11 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/26/2011 9:04:11 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
10/26/2011 9:04:11 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/26/2011 9:04:11 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/26/2011 9:04:11 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
10/26/2011 9:04:11 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/26/2011 9:04:11 PM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
10/26/2011 9:04:11 PM, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
10/26/2011 9:04:11 PM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
10/26/2011 9:04:11 PM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
10/26/2011 9:04:11 PM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
10/26/2011 9:04:11 PM, Error: Service Control Manager [7001] - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
10/26/2011 9:04:11 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/26/2011 9:04:11 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/26/2011 9:04:11 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/26/2011 9:04:11 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
10/26/2011 9:03:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
10/26/2011 9:03:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
10/26/2011 9:03:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
10/26/2011 9:03:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/26/2011 9:03:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
10/26/2011 9:02:53 PM, Error: EventLog [6008] - The previous system shutdown at 8:59:46 PM on 10/26/2011 was unexpected.
10/26/2011 8:32:39 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
10/26/2011 8:11:36 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
10/26/2011 8:11:36 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/26/2011 8:11:35 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/26/2011 2:00:50 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Font Cache Service service to connect.
10/26/2011 2:00:50 PM, Error: Service Control Manager [7000] - The Windows Font Cache Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/26/2011 2:00:15 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
10/26/2011 10:43:12 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
10/26/2011 10:43:10 PM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
10/26/2011 10:40:46 PM, Error: Service Control Manager [7022] - The McAfee Network Agent service hung on starting.
10/26/2011 10:38:41 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the McAfee Scanner service to connect.
10/26/2011 10:38:41 PM, Error: Service Control Manager [7000] - The McAfee Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/26/2011 10:38:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service MCODS with arguments "" in order to run the server: {C98F04D7-CD30-4BB0-B7D7-8DD7448520F2}
10/26/2011 10:34:05 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/23/2011 7:57:49 AM, Error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
10/22/2011 8:52:17 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Com4QLBEx service to connect.
10/22/2011 8:52:17 AM, Error: Service Control Manager [7000] - The Com4QLBEx service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/22/2011 8:52:15 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service Com4QLBEx with arguments "" in order to run the server: {DB536E5D-10F7-4B34-B443-140161048E2E}
10/22/2011 10:02:45 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the stisvc service.
.
==== End Of File ===========================
 
Welcome to TechSpot! I'll be glad to help remove this malware.

My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • Follow the order of the tasks I give you. Order is crucial in cleaning process.
  • File sharing programs should be uninstalled or disabled during the cleaning process.
  • Observe these:
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs- except those I give you.
  • Please let me know if there is any change in the system.
If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
=====================================
You can run the following to help find those 'missing' icons and entries. Please note: this does not remove the malware- only the attribute it used to make the files 'go missing':
Download Unhide.exe and save to the desktop.
  • Double-click on Unhide.exe icon to run the program.
  • This program will remove the +H, or hidden, attribute from all the files on your hard drives.
=====================================
Please allow me to comment that you are running many processes that do not need to start on boot and run in the background. Depending on how long your surfing session is, they will, at some point, slow the system down.
======================================
You have some marketing/ad/points processes running that are going to expose the system to malware. We'll let the following help with them:

Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Download Combofix from HERE or from http://www.forospyware.com/sUBs/ComboFix.exe and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once installed, you should see a blue screen prompt that says:
    The Recovery Console was successfully installed.
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe & follow the prompts to run.
  • When the scan completes, a report will be generated- it will open a text window. Please paste the C:\ComboFix.txt in next reply.
Re-enable your Antivirus software.

Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
=======================================

Please update Java to v6u29: Java Updates. Uninstall any earlier versions in Add/Remove Programs as they are vulnerabilities for the system.

Be sure to check all download screens for any pre-check toolbars or BHO> if found, remove the check before the download.
---------------------------------
Outdated Java usually means there is malware in the Java cache, so it needs to be cleared:
To clear the Java Plug-in cache:

  • [1]. Click Start > Control Panel.
    [2]. Double-click the Java icon in the control panel. The Java Control Panel appears.
    [3]. Click Settings under Temporary Internet Files. The Temporary Files Settings dialog box appears.
    [4]. Click Delete Files. The Delete Temporary Files dialog box appears.
    [5]. Click OK on Delete Temporary Files window.
    Note: This deletes all the Downloaded Applications and Applets from the cache.
    [6]. Click Apply> OK on Temporary Files Settings window.
Images courtesy java.com
========================================
Please leave the logs in your next reply.

Go on and follow the instructions in my next reply.
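The step above relies on Unhide.exe clearing the +H (hidden) attribute that the fake-alert malware set on the user's files and shortcuts. As an added example that is not part of this thread and not Unhide.exe's own code, the PowerShell script below does the same repair in a narrower, auditable way: it walks one profile (assumed to be the current user's, overridable with -Root), lists files and folders that carry Hidden without the System bit and are not items Windows keeps hidden on purpose, and only clears the bit when -Fix is given. The exclusion list and the helper name Get-SuspiciousHidden are assumptions made for this example.

```powershell
# Added example, not from the thread or from Unhide.exe: audit (and with -Fix,
# clear) the Hidden attribute on items under one user profile.
param(
    [string]$Root = $env:USERPROFILE,  # assumption: the current user's profile
    [switch]$Fix                       # report only unless -Fix is supplied
)

# Items Windows legitimately hides inside a profile; these are left alone.
# (Assumed list for this example; extend it if your profile has more.)
$script:expected = @('desktop.ini', 'ntuser.ini', 'thumbs.db', 'AppData')

function Get-SuspiciousHidden {
    param([string]$Path)
    foreach ($item in Get-ChildItem -LiteralPath $Path -Force -ErrorAction SilentlyContinue) {
        $attr = $item.Attributes
        # Skip junctions and symlinks so the walk cannot loop (Vista profiles
        # contain compatibility junctions such as "Application Data").
        if ([bool]($attr -band [IO.FileAttributes]::ReparsePoint)) { continue }
        $isHidden = [bool]($attr -band [IO.FileAttributes]::Hidden)
        $isSystem = [bool]($attr -band [IO.FileAttributes]::System)
        if ($isHidden -and -not $isSystem -and
            ($script:expected -notcontains $item.Name) -and
            -not $item.Name.StartsWith('ntuser.dat', [StringComparison]::OrdinalIgnoreCase)) {
            $item   # emit the suspicious entry to the caller
        }
        if ($item.PSIsContainer) { Get-SuspiciousHidden -Path $item.FullName }
    }
}

$found = @(Get-SuspiciousHidden -Path $Root)
foreach ($item in $found) {
    if ($Fix) {
        # Clear only the Hidden bit; ReadOnly, Archive etc. stay as they were.
        $item.Attributes = $item.Attributes -band (-bnot [IO.FileAttributes]::Hidden)
        Write-Output "cleared Hidden: $($item.FullName)"
    } else {
        Write-Output "hidden: $($item.FullName)"
    }
}
Write-Output ("{0} hidden item(s) under {1}" -f $found.Count, $Root)
```

Run it first without -Fix and read the list: legitimate hidden items that the exclusion list misses (for example, application-specific folders) should be added to $expected rather than unhidden blindly. Unlike Unhide.exe, which touches every drive, this only changes the profile you point it at, so desktop icons and Start Menu shortcuts that the malware hid come back without altering system folders.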
 
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window: ESETOnlineScan
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    [o] Click on the download button to download the ESET Smart Installer. Save it to your desktop.
    [o] Double click on the ESET Smart Installer icon on your desktop.
  • Check 'Yes I accept terms of use.'
  • Click Start button
  • Accept any security warnings from your browser.
  • Uncheck 'Remove found threats'
  • Check 'Scan archives'
  • Leave remaining settings as is.
  • Press the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  • When the scan completes, press List of found threats
  • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  • Push the Back button
  • Push Finish

NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
 
Hi Bobbye, thank you so much for your response. I've run the unhide twice and have minimal restoration. The only thing restored is my start menu. The desktop background is still missing as are almost all of the icons on the left. Also there is a funny Windows System restore icon on my desktop now as well as in what I would call the quick start menu to the right of the start button, it's the only button showing. After running unhide the first time I turned off real time scanning on McAfee and ran it again, but there were no changes.

Please allow me to comment that you are running many processes that do not need to start on boot and run in the background. Depending on how long your surfing session, they will, at some point, slow the system down.

I'm sure I am running many processes I don't need to. I don't know what I need or don't or how to fix that. I'll try to figure it out. I'm getting a pop up message occasionally that states Windows is blocking some programs at start up. I can't tell if it's genuine or not, but there's an icon down in the bottom right bar for it. I just started getting this after the malware.

Thanks so much for your help, I really appreciate it.
 
You're welcome. I'll give you help in taking processes off of the Startup Menu when we have finished cleaning.

About those icons you now see: Be sure you don't double click to open them. They will be from the malware and you don't want to help it along.

These 2 areas you refer to> "quick start menu to the right of the start button" is called the QuickLaunch Toolbar. It holds shortcuts to programs that are used often. The area with the clock, to the right, is called the Notification Area. Basically it has icons for processes that are active now- usually started on boot.

Do not click to open any of the unknown icons.
====================================
I'd like you to check the computer time and date:
The first Mbam log is dated 10/26/2011 at 10:29:56 PM
GMER: 2011-10-27 at 07:44 AM
DDS: 2011-10-27 at 8:04:AM

But you commented yesterday that you got malware 'last night.' While I do see a Trojan on 10/27, I'm not sure the clock is set right:
----------------------------------
Right click on the clock in the Notification Area (this is the name of the section to the right of the Taskbar)> Adjust Date/Time> Make sure both are correct on the screen that comes up> Select Internet Time Zone tab> Make sure you are in the correct time zone for your part of the country/world> Check 'adjust for daylight savings time'> Select 'Internet Time tab'> Check 'automatically synchronize with an internet time server'> click on Check now.
If you get an error, let me know- I'll give you another server.
===================================
I'm getting a pop up message occasionally that states Windows is blocking some programs at start up.
This is from the malware. It is a rogue fake alert, invented by the malware to try and get you to click on their link to fix the problem.
==================================
Please give me the logs from the Eset scan and Combofix when ready.

I'll have you run unhide again later if needed. Running it now was just for 'cosmetic' purposes.
 
Hi Bobbye, I ran the Mbam on the night of the 26th I think and the others the morning of the 27th. I found this board and then went through the 5 steps before posting. I had initially run a quick scan which was the log I posted. That night I ran another full scan to be sure that nothing else was detected and it took all night, I stopped it after almost nine hours. Nothing was found at that point. That's when I ran the other scans. Is it safe to use my computer at all? I have only been using the internet to check for your mail, but I wasn't sure. I will run the other scans now, I wanted to make sure it was ok to do so since the unhide didn't fix it all. I will post the logs shortly. Thanks!
 
Please Disregard! I saw your note in the instruction after posting this!

Bobbye I've encountered an issue. When combofix restarted my computer a message popped up. I can't remember exactly what it said now, but after clicking it I cannot open any programs on my computer. I thought it had to do with McAfee running. Combofix finished and produced a log, but when I attempt to open my email or firefox I get an error message
C:/Program Files/Mozilla Firefox/firefox.exe
illegal operation attempted on a registry key that has been marked for deletion.

I had the real time McAfee scanning set to come back on when my computer restarted since I didn't know that combofix was going to restart. So when I got the message I thought that's what it was and clicked ok. I guess I just made my problem worse instead. I'm not sure what to do, I have the finished log, but I can't open anything and more stuff is missing on my desktop. I've shut down and restarted my computer since the initial malware and haven't seen this message. I'm sorry.
 
I decided to try restarting and I was able to open programs. Then I read in your instructions that it could happen I'm sorry! Lol, I'm so scared about what I've done that I'm panicking! Here's the combo log:

ComboFix 11-10-28.04 - fran 10/28/2011 12:13:28.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.896 [GMT -5:00]
Running from: c:\users\fran\Downloads\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1kAlMiG2Kb7FzP.exe
c:\users\fran\AppData\Roaming\EurekaLog
c:\users\fran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
c:\users\fran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore\System Restore.lnk
c:\users\fran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore\Uninstall System Restore.lnk
c:\windows\system32\AutoRun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-09-28 to 2011-10-28 )))))))))))))))))))))))))))))))
.
.
2011-10-28 17:39 . 2011-10-28 17:47 -------- d-----w- c:\users\fran\AppData\Local\temp
2011-10-28 17:39 . 2011-10-28 17:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-25 17:06 . 2011-10-25 17:06 -------- d-----w- c:\programdata\VirtualFarm
2011-10-25 17:01 . 2011-10-25 17:01 -------- d-----w- c:\users\fran\AppData\Roaming\Alawar Stargaze
2011-10-25 17:01 . 2011-10-25 17:01 -------- d-----w- c:\programdata\Alawar Stargaze
2011-10-24 02:16 . 2010-11-06 04:39 354840 ----a-w- c:\windows\system32\drivers\iaStor.sys
2011-10-22 18:18 . 2011-10-22 18:18 -------- d-----w- c:\users\fran\AppData\Roaming\Go-Go Gourmet Chef of the Year
2011-10-21 18:43 . 2011-10-21 18:43 -------- d-----w- c:\users\fran\AppData\Roaming\LaJangada
2011-10-21 14:16 . 2011-10-21 14:16 -------- d-----w- c:\users\fran\AppData\Local\HP
2011-10-15 00:22 . 2011-10-15 00:22 -------- d-----w- c:\users\fran\AppData\Local\IsolatedStorage
2011-10-14 22:51 . 2008-08-18 16:39 274944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp64X.dll
2011-10-14 04:08 . 2011-10-14 16:36 -------- d-----w- c:\programdata\Juliette's Fashion Empire
2011-10-12 17:48 . 2011-10-12 17:48 -------- d-----w- c:\users\fran\AppData\Local\CrimsonThief
2011-10-12 14:51 . 2011-09-01 02:41 141088 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2011-10-12 14:51 . 2011-09-01 02:26 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2011-10-12 14:51 . 2011-09-01 02:35 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-10-12 14:51 . 2011-09-01 02:30 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2011-10-12 14:33 . 2011-09-14 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-10-12 01:16 . 2008-08-18 16:39 117760 ----a-w- c:\windows\system32\hpzll64X.dll
2011-10-08 19:19 . 2011-10-08 20:29 -------- d-----w- c:\users\fran\AppData\Roaming\Realore_Whiterra Roads Of Rome 3
2011-10-05 21:45 . 2011-10-05 21:45 -------- d-----w- c:\program files\Coupons
2011-10-05 21:33 . 2011-10-05 21:33 466944 ----a-w- c:\program files\Mozilla Firefox\plugins\NPcol400.dll
2011-10-05 21:33 . 2011-10-05 21:33 -------- d-----w- c:\users\fran\AppData\Roaming\Catalina Marketing Corp
2011-10-05 21:17 . 2011-10-05 21:17 -------- d-----w- c:\programdata\WEBREG
2011-10-05 20:58 . 2007-03-28 18:57 274944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp5ha.dll
2011-10-05 20:56 . 2011-10-05 20:56 -------- d-----w- c:\programdata\HPSSUPPLY
2011-10-05 20:51 . 2011-10-05 20:51 -------- d-----w- c:\programdata\HP Product Assistant
2011-10-05 20:48 . 2011-10-05 20:48 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2011-10-05 20:43 . 2010-05-06 10:51 271704 ----a-w- c:\windows\system32\hpzids01.dll
2011-10-05 20:43 . 2007-03-28 19:01 117760 ----a-w- c:\windows\system32\hpzll5ha.dll
2011-10-05 20:41 . 2007-03-17 16:11 675840 ----a-w- c:\windows\system32\hpowiax3.dll
2011-10-05 20:41 . 2007-03-17 16:11 303104 ----a-w- c:\windows\system32\hpovst10.dll
2011-10-05 20:41 . 2007-03-17 16:11 569344 ----a-w- c:\windows\system32\hpotscl3.dll
2011-10-05 20:41 . 2007-03-08 04:20 364544 ----a-w- c:\windows\system32\hppldcoi.dll
2011-10-02 14:04 . 2011-10-02 14:04 19416 ----a-w- c:\program files\Mozilla Firefox\AccessibleMarshal.dll
2011-10-02 14:04 . 2011-10-02 14:04 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-10-02 14:04 . 2011-10-02 14:04 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-10-02 14:04 . 2011-10-02 14:04 125912 ----a-w- c:\program files\Mozilla Firefox\crashreporter.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-28 17:45 . 2011-10-28 17:45 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B4C30F7E-52F9-4447-A4A0-320F6FAC1BDA}\offreg.dll
2011-10-25 17:11 . 2011-06-02 14:10 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-07 03:48 . 2011-10-25 06:47 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B4C30F7E-52F9-4447-A4A0-320F6FAC1BDA}\mpengine.dll
2011-09-06 13:30 . 2011-10-12 14:35 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-09-01 02:28 . 2011-10-12 14:51 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 02:22 . 2011-10-12 14:51 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-31 22:00 . 2010-08-11 01:58 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-25 16:15 . 2011-10-12 14:36 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-08-25 16:14 . 2011-10-12 14:36 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-08-25 16:14 . 2011-10-12 14:36 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-25 13:31 . 2011-10-12 14:36 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-08-19 20:59 . 2011-01-11 02:24 148520 ----a-w- c:\windows\system32\mfevtps.exe
2011-08-15 15:00 . 2011-09-22 19:45 180072 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-08-15 15:00 . 2011-01-11 02:39 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-08-15 15:00 . 2011-01-11 02:38 164776 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-08-15 15:00 . 2011-01-11 02:38 64712 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-08-15 15:00 . 2011-01-11 02:38 87808 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-08-15 15:00 . 2011-01-11 02:38 59288 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-08-15 15:00 . 2011-01-11 02:38 338040 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-08-15 15:00 . 2011-01-11 02:38 57432 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-08-15 15:00 . 2010-10-14 04:28 461864 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-08-15 15:00 . 2010-10-14 04:28 119808 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-10-02 14:04 . 2011-10-02 14:04 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-10-14 04:28 . 2011-01-11 02:39 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{96b985b7-3cf9-456a-9db6-791710e60f5f}"= "c:\program files\MyPoints Point Finder\Helper.dll" [2010-04-07 242688]
.
[HKEY_CLASSES_ROOT\clsid\{96b985b7-3cf9-456a-9db6-791710e60f5f}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{9FEBEA6D-4801-4D23-97E7-A771B698E442}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{614BDA1F-9BEF-4CD1-BDE4-FA4804929B4A}]
2010-04-07 23:17 1517056 ----a-w- c:\program files\MyPoints Point Finder\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{89A2510A-B4B6-4683-BEC9-1B96700BC7F1}"= "c:\program files\MyPoints Point Finder\Toolbar.dll" [2010-04-07 1517056]
.
[HKEY_CLASSES_ROOT\clsid\{89a2510a-b4b6-4683-bec9-1b96700bc7f1}]
[HKEY_CLASSES_ROOT\FCTB000060497.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{061ED138-E065-4356-82AA-578F7F1EEAF1}]
[HKEY_CLASSES_ROOT\FCTB000060497.IEToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{89A2510A-B4B6-4683-BEC9-1B96700BC7F1}"= "c:\program files\MyPoints Point Finder\Toolbar.dll" [2010-04-07 1517056]
.
[HKEY_CLASSES_ROOT\clsid\{89a2510a-b4b6-4683-bec9-1b96700bc7f1}]
[HKEY_CLASSES_ROOT\FCTB000060497.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{061ED138-E065-4356-82AA-578F7F1EEAF1}]
[HKEY_CLASSES_ROOT\FCTB000060497.IEToolbar]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-14 02:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-14 02:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-14 02:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-10-26 1458176]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-28 1721640]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"CognizanceTS"="c:\progra~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 17920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-20 468264]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-16 1318552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-06-09 7539232]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]
.
c:\users\fran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
OneNote Table Of Contents.onetoc2 [2011-10-14 3656]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-01-12 227896]
R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-08-15 87808]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-01-05 82952]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2011-08-15 64712]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-08-15 164776]
S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys [2010-04-14 54776]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-27 214904]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-27 214904]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-27 214904]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-08-19 160344]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-08-19 148520]
S2 MOBKbackup;McAfee Online Backup;c:\program files\McAfee Online Backup\MOBKbackup.exe [2010-04-14 229688]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-08-15 57432]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-08-15 338040]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-21 c:\windows\Tasks\HPCeeScheduleForfran.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-05-14 21:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
FF - ProfilePath - c:\users\fran\AppData\Roaming\Mozilla\Firefox\Profiles\1mj4aowu.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-28 12:50
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\users\fran\AppData\Local\Temp\catchme.dll 53248 bytes executable
c:\windows\TEMP\TMP00000029B5737E8E622817FE 524288 bytes
.
scan completed successfully
hidden files: 2
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(576)
c:\windows\system32\APSHook.dll
c:\program files\Bioscrypt\VeriSoft\Bin\ItClient.dll
c:\program files\McAfee Online Backup\MOBKshell.dll
c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\rundll32.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\program files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\system32\vssvc.exe
c:\program files\Common Files\McAfee\Core\mchost.exe
.
**************************************************************************
.
Completion time: 2011-10-28 13:04:31 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-28 18:04
.
Pre-Run: 98,368,479,232 bytes free
Post-Run: 98,274,541,568 bytes free
.
- - End Of File - - 6F3820AEDBA783C1C4AE2612117FFB10
 
ESET log

C:\Program Files\HP Games\Matchmaker - Joining Hearts\Matchmaker.exe a variant of Win32/Kryptik.BCY trojan
C:\Qoobox\Quarantine\C\ProgramData\1kAlMiG2Kb7FzP.exe.vir a variant of Win32/Kryptik.UOA trojan
 
No problem. Just read the program instructions carefully.
For Combofix:
Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
===================================
Please download OTMoveIt by OldTimer and save it to your desktop.
  • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    Code:
    :Files  
    C:\Program Files\HP Games\Matchmaker - Joining Hearts\Matchmaker.exe
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
====================================
Please run this Custom CFScript:

  • [1]. Close any open browsers.
    [2]. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
    [3]. Open Notepad > click on Format > uncheck 'Word Wrap' > and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
Code:
File::
c:\programdata\1kAlMiG2Kb7FzP.exe
Folder::
DDS::
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{96b985b7-3cf9-456a-9db6-791710e60f5f}"=-
[HKEY_CLASSES_ROOT\clsid\{96b985b7-3cf9-456a-9db6-791710e60f5f}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{9FEBEA6D-4801-4D23-97E7-A771B698E442}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{614BDA1F-9BEF-4CD1-BDE4-FA4804929B4A}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{89A2510A-B4B6-4683-BEC9-1B96700BC7F1}"=-
[HKEY_CLASSES_ROOT\clsid\{89a2510a-b4b6-4683-bec9-1b96700bc7f1}]
[HKEY_CLASSES_ROOT\FCTB000060497.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{061ED138-E065-4356-82AA-578F7F1EEAF1}]
[HKEY_CLASSES_ROOT\FCTB000060497.IEToolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{89A2510A-B4B6-4683-BEC9-1B96700BC7F1}"=-
[HKEY_CLASSES_ROOT\clsid\{89a2510a-b4b6-4683-bec9-1b96700bc7f1}]
[HKEY_CLASSES_ROOT\FCTB000060497.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{061ED138-E065-4356-82AA-578F7F1EEAF1}]
[HKEY_CLASSES_ROOT\FCTB000060497.IEToolbar]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=-
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
====================
Please note I have removed 16 Registry entries for the MyPoints Point Finder Toolbar:
MyPoints Toolbar 2.0 - a Softomate/Besttoolbars Toolbar variant - Softomate customizes toolbars to customers needs. The dll files for their toolbars contain some spyware/adware functionality, although not all of the toolbars use this.
===================
When finished: please download catchme.exe (137KB) and save it to your desktop.
  • Double click the catchme.exe to run it
  • Click the "Scan" button to start scan
    catchme1.jpg
  • Open catchme.log to see results

Copy the log to Notepad, making sure that 'Word Wrap' is unchecked in Format. Then paste the log in your next reply.
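One way to check whether the Registry:: targets in a CFScript actually disappeared from the ComboFix log it produced, as an added example that is not code from this thread, from ComboFix or from the helper; the [KEY] and "name"=- conventions it relies on are assumptions stated in its docstring, and its sample script and log excerpt are constructed from the entries posted above.

```python
"""Check a ComboFix CFScript's Registry:: section against the post-run log.

Constructed example for this thread, not ComboFix's code or the helper's. Assumed
conventions: a bare [KEY] with nothing beneath it targets the whole key, "name"=-
targets that one value, and only an exact "=-" is a deletion ("=-." is reported).
"""
import re
from typing import Dict, List, Set, Tuple

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^(?:"([^"]+)"|(@))\s*=\s*(.*)$')  # "name"=data or @=data


def parse_cfscript_registry(script: str) -> Tuple[Set[str], Set[Tuple[str, str]], List[str]]:
    """Return (whole keys to delete, (key, value) pairs to delete, malformed lines)."""
    per_key: Dict[str, List[str]] = {}
    has_value_lines: Set[str] = set()
    malformed: List[str] = []
    in_registry, current = False, None
    for raw in script.splitlines():
        line = raw.strip()
        if line.endswith('::'):            # section marker: File::, DDS::, Registry:: ...
            in_registry, current = (line == 'Registry::'), None
            continue
        if not in_registry or not line:
            continue
        km = KEY_RE.match(line)
        if km:
            current = km.group(1).lower()  # registry paths are case-insensitive
            per_key.setdefault(current, [])
            continue
        vm = VALUE_RE.match(line)
        if vm and current is not None:
            has_value_lines.add(current)
            data = vm.group(3).strip()
            if data == '-':
                per_key[current].append(vm.group(1) or '@')
            elif data.startswith('-'):     # meant as a deletion but mistyped, e.g. "=-."
                malformed.append(f'{current}: {line}')
    whole_keys = {k for k in per_key if k not in has_value_lines}
    values = {(k, n) for k, names in per_key.items() for n in names}
    return whole_keys, values, malformed


def parse_combofix_reg_points(log: str) -> Dict[str, Set[str]]:
    """Map each [KEY] in the log's 'Reg Loading Points' section to its value names."""
    present: Dict[str, Set[str]] = {}
    in_section, current = False, None
    for raw in log.splitlines():
        line = raw.strip()
        if 'Reg Loading Points' in line:
            in_section = True
            continue
        if not in_section:
            continue
        if re.match(r'^[RS]\d\s', line) or line.startswith('---'):
            break                          # the service/driver list ends the section
        km = KEY_RE.match(line)
        if km:
            current = km.group(1).lower()
            present.setdefault(current, set())
            continue
        vm = VALUE_RE.match(line)          # loaded-file lines (date size path) do not match
        if vm and current is not None:
            present[current].add(vm.group(1) or '@')
    return present


def check_cfscript(script: str, log: str) -> Dict[str, List[str]]:
    """Targets still present in the post-run log, plus script lines that need fixing."""
    whole_keys, values, malformed = parse_cfscript_registry(script)
    present = parse_combofix_reg_points(log)
    remaining = [k for k in sorted(whole_keys) if k in present]
    remaining += [f'{k} -> "{n}"' for k, n in sorted(values) if n in present.get(k, set())]
    return {'remaining': remaining, 'malformed': malformed}


# Constructed excerpts modelled on the thread's script and its second ComboFix log.
SAMPLE_SCRIPT = r"""File::
c:\programdata\1kAlMiG2Kb7FzP.exe
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{96b985b7-3cf9-456a-9db6-791710e60f5f}"=-
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{614BDA1F-9BEF-4CD1-BDE4-FA4804929B4A}]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=-.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=-
"""
SAMPLE_LOG = r"""((((( Reg Loading Points )))))
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{614BDA1F-9BEF-4CD1-BDE4-FA4804929B4A}]
2010-04-07 23:17 1517056 ----a-w- c:\program files\MyPoints Point Finder\Toolbar.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-08-15 87808]
"""

if __name__ == '__main__':
    print(check_cfscript(SAMPLE_SCRIPT, SAMPLE_LOG))
```

Run against the real CFScript and the second ComboFix log above, it would flag the still-listed Browser Helper Objects key and the two "DisableMonitoring" lines that carried a stray trailing period.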
 
OTMoveit

All processes killed
========== FILES ==========
C:\Program Files\HP Games\Matchmaker - Joining Hearts\Matchmaker.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: fran
->Temp folder emptied: 196986 bytes
->Temporary Internet Files folder emptied: 584485074 bytes
->Java cache emptied: 1 bytes
->FireFox cache emptied: 53853218 bytes
->Google Chrome cache emptied: 7449183 bytes
->Flash cache emptied: 2007947 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 211350 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 10789706 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 628.00 mb


OTM by OldTimer - Version 3.1.19.0 log created on 10292011_235609
All processes killed

OTM by OldTimer - Version 3.1.19.0 log created on 10292011_235602

Files moved on Reboot...

Registry entries deleted on Reboot...
 
ComboFix 11-10-29.06 - fran 10/30/2011 0:27.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.847 [GMT -5:00]
Running from: c:\users\fran\Downloads\ComboFix.exe
Command switches used :: c:\users\fran\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\programdata\1kAlMiG2Kb7FzP.exe"
.
.
((((((((((((((((((((((((( Files Created from 2011-09-28 to 2011-10-30 )))))))))))))))))))))))))))))))
.
.
2011-10-30 05:53 . 2011-10-30 05:54 -------- d-----w- c:\users\fran\AppData\Local\temp
2011-10-30 05:53 . 2011-10-30 05:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-30 05:02 . 2011-10-30 05:02 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B4C30F7E-52F9-4447-A4A0-320F6FAC1BDA}\offreg.dll
2011-10-30 04:56 . 2011-10-30 04:56 -------- d-----w- C:\_OTM
2011-10-28 19:19 . 2011-10-28 19:19 -------- d-----w- c:\program files\ESET
2011-10-28 19:15 . 2011-10-28 19:15 -------- d-----w- c:\program files\Common Files\Java
2011-10-25 17:06 . 2011-10-25 17:06 -------- d-----w- c:\programdata\VirtualFarm
2011-10-25 17:01 . 2011-10-25 17:01 -------- d-----w- c:\users\fran\AppData\Roaming\Alawar Stargaze
2011-10-25 17:01 . 2011-10-25 17:01 -------- d-----w- c:\programdata\Alawar Stargaze
2011-10-25 06:47 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B4C30F7E-52F9-4447-A4A0-320F6FAC1BDA}\mpengine.dll
2011-10-24 04:00 . 2008-11-25 15:05 9151488 ----a-w- c:\windows\system32\setup.msi
2011-10-24 02:16 . 2010-11-06 04:39 354840 ----a-w- c:\windows\system32\drivers\iaStor.sys
2011-10-22 18:18 . 2011-10-22 18:18 -------- d-----w- c:\users\fran\AppData\Roaming\Go-Go Gourmet Chef of the Year
2011-10-21 18:43 . 2011-10-21 18:43 -------- d-----w- c:\users\fran\AppData\Roaming\LaJangada
2011-10-21 14:16 . 2011-10-21 14:16 -------- d-----w- c:\users\fran\AppData\Local\HP
2011-10-15 00:22 . 2011-10-15 00:22 -------- d-----w- c:\users\fran\AppData\Local\IsolatedStorage
2011-10-14 22:51 . 2008-08-18 16:39 274944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp64X.dll
2011-10-14 04:08 . 2011-10-14 16:36 -------- d-----w- c:\programdata\Juliette's Fashion Empire
2011-10-12 17:48 . 2011-10-12 17:48 -------- d-----w- c:\users\fran\AppData\Local\CrimsonThief
2011-10-12 14:36 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-12 14:36 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-12 14:36 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-10-12 14:36 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-10-12 14:36 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-10-12 14:36 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-10-12 14:36 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-12 14:36 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-10-12 14:35 . 2011-09-06 13:30 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-10-12 14:33 . 2011-09-14 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-10-12 01:16 . 2008-08-18 16:39 117760 ----a-w- c:\windows\system32\hpzll64X.dll
2011-10-08 19:19 . 2011-10-08 20:29 -------- d-----w- c:\users\fran\AppData\Roaming\Realore_Whiterra Roads Of Rome 3
2011-10-05 21:45 . 2011-10-05 21:45 -------- d-----w- c:\program files\Coupons
2011-10-05 21:33 . 2011-10-05 21:33 466944 ----a-w- c:\program files\Mozilla Firefox\plugins\NPcol400.dll
2011-10-05 21:33 . 2011-10-05 21:33 -------- d-----w- c:\users\fran\AppData\Roaming\Catalina Marketing Corp
2011-10-05 21:33 . 2011-10-05 21:32 485576 ----a-w- c:\users\fran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp\UninstallCouponActivator.exe
2011-10-05 21:17 . 2011-10-05 21:17 -------- d-----w- c:\programdata\WEBREG
2011-10-05 20:58 . 2007-03-28 18:57 274944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp5ha.dll
2011-10-05 20:56 . 2011-10-05 20:56 -------- d-----w- c:\programdata\HPSSUPPLY
2011-10-05 20:51 . 2011-10-05 20:51 -------- d-----w- c:\programdata\HP Product Assistant
2011-10-05 20:48 . 2011-10-05 20:48 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2011-10-05 20:43 . 2010-05-06 10:51 271704 ----a-w- c:\windows\system32\hpzids01.dll
2011-10-05 20:43 . 2007-03-28 19:01 117760 ----a-w- c:\windows\system32\hpzll5ha.dll
2011-10-05 20:41 . 2007-03-17 16:11 675840 ----a-w- c:\windows\system32\hpowiax3.dll
2011-10-05 20:41 . 2007-03-17 16:11 303104 ----a-w- c:\windows\system32\hpovst10.dll
2011-10-05 20:41 . 2007-03-17 16:11 569344 ----a-w- c:\windows\system32\hpotscl3.dll
2011-10-05 20:41 . 2007-03-08 04:20 364544 ----a-w- c:\windows\system32\hppldcoi.dll
2011-10-02 14:04 . 2011-10-02 14:04 19416 ----a-w- c:\program files\Mozilla Firefox\AccessibleMarshal.dll
2011-10-02 14:04 . 2011-10-02 14:04 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-10-02 14:04 . 2011-10-02 14:04 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-10-02 14:04 . 2011-10-02 14:04 125912 ----a-w- c:\program files\Mozilla Firefox\crashreporter.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-28 19:14 . 2010-04-24 13:10 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-25 17:11 . 2011-06-02 14:10 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-31 22:00 . 2010-08-11 01:58 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-19 20:59 . 2011-01-11 02:24 148520 ----a-w- c:\windows\system32\mfevtps.exe
2011-08-15 15:00 . 2011-09-22 19:45 180072 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-08-15 15:00 . 2011-01-11 02:39 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-08-15 15:00 . 2011-01-11 02:38 164776 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-08-15 15:00 . 2011-01-11 02:38 64712 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-08-15 15:00 . 2011-01-11 02:38 87808 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-08-15 15:00 . 2011-01-11 02:38 59288 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-08-15 15:00 . 2011-01-11 02:38 338040 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-08-15 15:00 . 2011-01-11 02:38 57432 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-08-15 15:00 . 2010-10-14 04:28 461864 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-08-15 15:00 . 2010-10-14 04:28 119808 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-10-02 14:04 . 2011-10-02 14:04 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-10-14 04:28 . 2011-01-11 02:39 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{614BDA1F-9BEF-4CD1-BDE4-FA4804929B4A}]
2010-04-07 23:17 1517056 ----a-w- c:\program files\MyPoints Point Finder\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-14 02:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-14 02:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-14 02:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-10-26 1458176]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-28 1721640]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"CognizanceTS"="c:\progra~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 17920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-20 468264]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-16 1318552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-06-09 7539232]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]
.
c:\users\fran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
OneNote Table Of Contents.onetoc2 [2011-10-14 3656]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-01-12 227896]
R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-08-15 87808]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-01-05 82952]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2011-08-15 64712]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-08-15 164776]
S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys [2010-04-14 54776]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-27 214904]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-27 214904]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-27 214904]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-08-19 160344]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-08-19 148520]
S2 MOBKbackup;McAfee Online Backup;c:\program files\McAfee Online Backup\MOBKbackup.exe [2010-04-14 229688]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-08-15 57432]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-08-15 338040]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-21 c:\windows\Tasks\HPCeeScheduleForfran.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-05-14 21:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
FF - ProfilePath - c:\users\fran\AppData\Roaming\Mozilla\Firefox\Profiles\1mj4aowu.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-30 00:54
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1924)
c:\windows\system32\APSHook.dll
c:\program files\Bioscrypt\VeriSoft\Bin\ItClient.dll
c:\program files\McAfee Online Backup\MOBKshell.dll
c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
.
Completion time: 2011-10-30 01:06:47
ComboFix-quarantined-files.txt 2011-10-30 06:06
ComboFix2.txt 2011-10-28 18:04
.
Pre-Run: 99,378,638,848 bytes free
Post-Run: 99,340,484,608 bytes free
.
- - End Of File - - 060238EF94274A442B9C3A6CB770AD9F
 
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-30 01:30:21
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
 
Okay, a few more in ComboFix:

Custom CFScript

  • [1]. Close any open browsers.
    [2]. Close/disable all antivirus and antimalware programs so they do not interfere with the running of ComboFix.
    [3]. Open Notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
Code:
File::
RegLock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
Registry::
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{614BDA1F-9BEF-4CD1-BDE4-FA4804929B4A}]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-
Save this as CFScript.txt, in the same location as ComboFix.exe
[Image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste it into your next reply.
=====================
Recommend you uninstall the My Points Toolbar. Then use Windows Explorer to delete the program folder.
====================
Download HijackThis http://download.bleepingcomputer.com/hijackthis/HijackThis.zip and save to your desktop.
  • Extract it to a directory on your hard drive called c:\HijackThis.
  • Then navigate to that directory and double-click on the hijackthis.exe file.
  • When started click on the Scan button and then the Save Log button to create a log of your information.
  • The log file will be saved and then the log will open in Notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

Please let me know how the system is doing.
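The post above asks for a HijackThis log and, in the CFScript, names one BHO by its CLSID. When reading such a log offline it helps to pull the load points (BHOs, Run keys, AppInit_DLLs, services) into structured records so a given CLSID or path can be located without eyeballing hundreds of lines. The Python reader below is an added example written for this thread; it is not a tool from the thread, from HijackThis or from ComboFix, and the function names (`parse_log`, `find_by_clsid`, `find_by_path_fragment`) are my own. The sample lines are copied from the HijackThis log posted later in this thread; sections without a dedicated pattern are kept as raw text.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: six lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: FCTBPos00Pos - {614BDA1F-9BEF-4CD1-BDE4-FA4804929B4A} - C:\Program Files\MyPoints Point Finder\Toolbar.dll
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O20 - AppInit_DLLs: C:\WINDOWS\System32\APSHook.dll
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
"""

# Every entry line starts with a section tag ("O2", "O23", "R1") followed by " - ".
HEADER_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<rest>.*)$")

# Body shapes for the sections handled here (hypothetical; HijackThis has no parsing API).
# Names are matched non-greedily and the path greedily, so a path containing " - "
# (as in "Spybot - Search & Destroy") still lands in the path field.
BODY_RE = {
    "O2":  re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[^}]+\}) - (?P<path>.*)$"),
    "O3":  re.compile(r"^Toolbar: (?P<name>.*?) - (?P<clsid>\{[^}]+\}) - (?P<path>.*)$"),
    "O4":  re.compile(r"^(?P<hive>[^:]+): \[(?P<name>[^\]]+)\] (?P<path>.*)$"),
    "O20": re.compile(r"^AppInit_DLLs: (?P<path>.*)$"),
    "O23": re.compile(r"^Service: (?P<name>.*?) - (?P<vendor>.*?) - (?P<path>.*)$"),
}


@dataclass
class Entry:
    section: str
    raw: str
    name: Optional[str] = None
    clsid: Optional[str] = None
    path: Optional[str] = None
    hive: Optional[str] = None
    vendor: Optional[str] = None


def parse_line(line: str) -> Optional[Entry]:
    """Turn one HijackThis line into an Entry, or None if it is not an entry line."""
    m = HEADER_RE.match(line.strip())
    if not m:
        return None
    section, rest = m.group("section"), m.group("rest")
    entry = Entry(section=section, raw=rest)
    pat = BODY_RE.get(section)
    if pat:
        body = pat.match(rest)
        if body:
            for field, value in body.groupdict().items():
                # CLSIDs are compared case-insensitively, so normalise them once here.
                setattr(entry, field, value.upper() if field == "clsid" else value)
    return entry


def parse_log(text: str) -> List[Entry]:
    """Parse a whole log; header lines and the process list are skipped."""
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e]


def find_by_clsid(entries: List[Entry], clsids) -> List[Entry]:
    """Entries whose CLSID is in the given set, e.g. the BHO named in a CFScript."""
    wanted = {c.upper() for c in clsids}
    return [e for e in entries if e.clsid in wanted]


def find_by_path_fragment(entries: List[Entry], fragment: str) -> List[Entry]:
    """Entries whose file path contains the fragment (case-insensitive)."""
    frag = fragment.lower()
    return [e for e in entries if e.path and frag in e.path.lower()]


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    # The CLSID below is the BHO the CFScript in the post above removes.
    for e in find_by_clsid(entries, ["{614BDA1F-9BEF-4CD1-BDE4-FA4804929B4A}"]):
        print(f"{e.section} {e.name}: {e.path}")
    for e in find_by_path_fragment(entries, "MyPoints"):
        print("load point under MyPoints:", e.section, e.hive or "", e.path)
```

To use it on a real log, read the saved hijackthis.log into a string and pass it to `parse_log`; the program-folder path returned for a matching BHO is the one the post above says to delete after uninstalling the toolbar. Only the O2/O3/O4/O20/O23 shapes are decoded; other sections still appear as entries with their text in `raw`.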
 
ComboFix 11-11-01.04 - fran 11/01/2011 20:10:48.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.1174 [GMT -5:00]
Running from: c:\users\fran\Downloads\ComboFix.exe
Command switches used :: c:\users\fran\Desktop\cfscript2.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-10-02 to 2011-11-02 )))))))))))))))))))))))))))))))
.
.
2011-11-02 01:35 . 2011-11-02 01:37 -------- d-----w- c:\users\fran\AppData\Local\temp
2011-11-02 01:35 . 2011-11-02 01:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-01 14:15 . 2011-11-01 14:15 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CE60E79B-47F0-4052-ADED-6D1523ACA1CE}\offreg.dll
2011-11-01 14:15 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CE60E79B-47F0-4052-ADED-6D1523ACA1CE}\mpengine.dll
2011-10-30 04:56 . 2011-10-30 04:56 -------- d-----w- C:\_OTM
2011-10-28 19:19 . 2011-10-28 19:19 -------- d-----w- c:\program files\ESET
2011-10-28 19:15 . 2011-10-28 19:15 -------- d-----w- c:\program files\Common Files\Java
2011-10-25 17:06 . 2011-11-01 18:32 -------- d-----w- c:\programdata\VirtualFarm
2011-10-25 17:01 . 2011-10-25 17:01 -------- d-----w- c:\users\fran\AppData\Roaming\Alawar Stargaze
2011-10-25 17:01 . 2011-10-25 17:01 -------- d-----w- c:\programdata\Alawar Stargaze
2011-10-24 04:00 . 2008-11-25 15:05 9151488 ----a-w- c:\windows\system32\setup.msi
2011-10-24 02:16 . 2010-11-06 04:39 354840 ----a-w- c:\windows\system32\drivers\iaStor.sys
2011-10-22 18:18 . 2011-10-22 18:18 -------- d-----w- c:\users\fran\AppData\Roaming\Go-Go Gourmet Chef of the Year
2011-10-21 18:43 . 2011-10-21 18:43 -------- d-----w- c:\users\fran\AppData\Roaming\LaJangada
2011-10-21 14:16 . 2011-10-21 14:16 -------- d-----w- c:\users\fran\AppData\Local\HP
2011-10-15 00:22 . 2011-10-15 00:22 -------- d-----w- c:\users\fran\AppData\Local\IsolatedStorage
2011-10-14 22:51 . 2008-08-18 16:39 274944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp64X.dll
2011-10-14 04:08 . 2011-10-14 16:36 -------- d-----w- c:\programdata\Juliette's Fashion Empire
2011-10-12 17:48 . 2011-10-12 17:48 -------- d-----w- c:\users\fran\AppData\Local\CrimsonThief
2011-10-12 14:36 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-12 14:36 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-12 14:36 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-10-12 14:36 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-10-12 14:36 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-10-12 14:36 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-10-12 14:36 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-12 14:36 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-10-12 14:35 . 2011-09-06 13:30 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-10-12 14:33 . 2011-09-14 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-10-12 01:16 . 2008-08-18 16:39 117760 ----a-w- c:\windows\system32\hpzll64X.dll
2011-10-08 19:19 . 2011-10-08 20:29 -------- d-----w- c:\users\fran\AppData\Roaming\Realore_Whiterra Roads Of Rome 3
2011-10-05 21:45 . 2011-10-05 21:45 -------- d-----w- c:\program files\Coupons
2011-10-05 21:33 . 2011-10-05 21:33 466944 ----a-w- c:\program files\Mozilla Firefox\plugins\NPcol400.dll
2011-10-05 21:33 . 2011-10-05 21:33 -------- d-----w- c:\users\fran\AppData\Roaming\Catalina Marketing Corp
2011-10-05 21:33 . 2011-10-05 21:32 485576 ----a-w- c:\users\fran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp\UninstallCouponActivator.exe
2011-10-05 21:17 . 2011-10-05 21:17 -------- d-----w- c:\programdata\WEBREG
2011-10-05 20:58 . 2007-03-28 18:57 274944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp5ha.dll
2011-10-05 20:56 . 2011-10-05 20:56 -------- d-----w- c:\programdata\HPSSUPPLY
2011-10-05 20:51 . 2011-10-05 20:51 -------- d-----w- c:\programdata\HP Product Assistant
2011-10-05 20:48 . 2011-10-05 20:48 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2011-10-05 20:43 . 2010-05-06 10:51 271704 ----a-w- c:\windows\system32\hpzids01.dll
2011-10-05 20:43 . 2007-03-28 19:01 117760 ----a-w- c:\windows\system32\hpzll5ha.dll
2011-10-05 20:41 . 2007-03-17 16:11 675840 ----a-w- c:\windows\system32\hpowiax3.dll
2011-10-05 20:41 . 2007-03-17 16:11 303104 ----a-w- c:\windows\system32\hpovst10.dll
2011-10-05 20:41 . 2007-03-17 16:11 569344 ----a-w- c:\windows\system32\hpotscl3.dll
2011-10-05 20:41 . 2007-03-08 04:20 364544 ----a-w- c:\windows\system32\hppldcoi.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-28 19:14 . 2010-04-24 13:10 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-25 17:11 . 2011-06-02 14:10 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-31 22:00 . 2010-08-11 01:58 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-19 20:59 . 2011-01-11 02:24 148520 ----a-w- c:\windows\system32\mfevtps.exe
2011-08-15 15:00 . 2011-09-22 19:45 180072 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-08-15 15:00 . 2011-01-11 02:39 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-08-15 15:00 . 2011-01-11 02:38 164776 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-08-15 15:00 . 2011-01-11 02:38 64712 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-08-15 15:00 . 2011-01-11 02:38 87808 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-08-15 15:00 . 2011-01-11 02:38 59288 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-08-15 15:00 . 2011-01-11 02:38 338040 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-08-15 15:00 . 2011-01-11 02:38 57432 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-08-15 15:00 . 2010-10-14 04:28 461864 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-08-15 15:00 . 2010-10-14 04:28 119808 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-10-02 14:04 . 2011-10-02 14:04 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-10-14 04:28 . 2011-01-11 02:39 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-30_05.54.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-05-14 11:06 . 2011-10-31 14:44 67910 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2006-11-02 13:05 . 2011-10-30 05:04 70734 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2011-11-01 13:55 70734 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2010-04-06 18:09 . 2011-11-01 13:55 15684 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2721419356-2529414372-243999765-1000_UserData.bin
- 2007-07-20 05:29 . 2011-10-30 05:09 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-07-20 05:29 . 2011-11-01 23:38 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-10-30 05:07 . 2011-10-30 05:09 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-10-30 05:07 . 2011-11-01 23:38 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-07-20 05:29 . 2011-11-01 23:38 81920 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2007-07-20 05:29 . 2011-10-30 05:09 81920 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-04-08 01:07 . 2011-10-30 05:00 6586 c:\windows\System32\WDI\ERCQueuedResolutions.dat
+ 2010-04-08 01:07 . 2011-11-01 04:34 6586 c:\windows\System32\WDI\ERCQueuedResolutions.dat
+ 2011-11-01 13:52 . 2011-11-01 13:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-10-30 05:02 . 2011-10-30 05:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-10-30 05:02 . 2011-10-30 05:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-11-01 13:52 . 2011-11-01 13:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-04-08 17:01 . 2011-11-01 21:16 251892 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2011-02-09 20:28 . 2011-10-30 05:00 324196 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-02-09 20:28 . 2011-11-01 04:35 324196 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-04-08 03:55 . 2011-10-30 05:01 21383556 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2721419356-2529414372-243999765-1000-8192.dat
+ 2011-04-08 03:55 . 2011-11-01 04:35 21383556 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2721419356-2529414372-243999765-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{614BDA1F-9BEF-4CD1-BDE4-FA4804929B4A}]
2010-04-07 23:17 1517056 ----a-w- c:\program files\MyPoints Point Finder\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-14 02:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-14 02:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-14 02:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-10-26 1458176]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-28 1721640]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"CognizanceTS"="c:\progra~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 17920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-20 468264]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-16 1318552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-06-09 7539232]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]
.
c:\users\fran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
OneNote Table Of Contents.onetoc2 [2011-10-14 3656]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-08-15 87808]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-01-05 82952]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2011-08-15 64712]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-08-15 164776]
S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys [2010-04-14 54776]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-27 214904]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-27 214904]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-27 214904]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-08-19 160344]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-08-19 148520]
S2 MOBKbackup;McAfee Online Backup;c:\program files\McAfee Online Backup\MOBKbackup.exe [2010-04-14 229688]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-08-15 57432]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-01-12 227896]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-08-15 338040]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-21 c:\windows\Tasks\HPCeeScheduleForfran.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-05-14 21:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
FF - ProfilePath - c:\users\fran\AppData\Roaming\Mozilla\Firefox\Profiles\1mj4aowu.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-01 20:37
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1056)
c:\program files\McAfee Online Backup\MOBKshell.dll
c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
.
Completion time: 2011-11-01 20:50:26
ComboFix-quarantined-files.txt 2011-11-02 01:50
ComboFix2.txt 2011-10-30 06:06
ComboFix3.txt 2011-10-28 18:04
.
Pre-Run: 98,081,849,344 bytes free
Post-Run: 98,276,282,368 bytes free
.
- - End Of File - - FA085F773FEDD05A059A6E6031F844FF
 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:09:21 PM, on 11/1/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: FCTBPos00Pos - {614BDA1F-9BEF-4CD1-BDE4-FA4804929B4A} - C:\Program Files\MyPoints Point Finder\Toolbar.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111011224924.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: OneNote Table Of Contents.onetoc2
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\mcsniepl.dll
O20 - AppInit_DLLs: C:\WINDOWS\System32\APSHook.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe
O23 - Service: McAfee Online Backup (MOBKbackup) - McAfee, Inc. - C:\Program Files\McAfee Online Backup\MOBKbackup.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 11172 bytes
 
Hi Bobbye, I still have no desktop background, a system restore icon in the quicklaunch toolbar as well as the desktop and a blocked startup program icon in the notification area that often pops up. This is all I can see. Is there something else I should look for? Thanks!

Fran
 
Okay, let's back up and follow this:

Boot into Safe Mode
  • Restart your computer and start pressing the F8 key on your keyboard.
  • Select the Safe Mode with Networking option when the Windows Advanced Options menu appears, using your up/down arrows to reach it and then press ENTER.

This infection may change your Windows settings to use a proxy server that will not allow you to browse any pages on the Internet with Internet Explorer or update security software, so we will first need to fix this: Launch Internet Explorer
  • Access Internet Options through Tools> Connections tab
  • Click on the Lan Settings at the bottom
  • Proxy Server section> uncheck the box labeled 'Use a proxy server for your LAN'.
  • Then click on OK> and OK again to close Internet Options.
===============================
This malware frequently comes with the TDSS rootkit, so do the following:
  • Download the file TDSSKiller.zip and save to the desktop.
    (If you are unable to download the file for some reason, then TDSS may be blocking it. You would then need to download it first to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.)
  • Right-click the tdsskiller.zip file> Select Extract All into a folder on the infected (or potentially infected) PC.
  • Double click on TDSSKiller.exe to run the scan.
  • When the scan is over, the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
  • Select the action Quarantine to quarantine detected objects.
    The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43
  • After clicking Next, the utility applies selected actions and outputs the result.
  • A reboot is required after disinfection.
====================================
If TDSSKiller requires you to reboot, please allow it to do so. After you reboot, reboot back into Safe Mode with Networking again.
====================================
Please download and run the tool below named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 3 different versions. If one of them won't run then download and try to run the other one. (Vista and Win7 users need to right click Rkill and choose Run as Administrator)

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
  • Rkill.com
  • Rkill.scr
  • Rkill.exe
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
Do not reboot until instructed, as it will start the malware again.
==================================
You will run another scan with Mbam, after it updates, but this time, on the Scanner tab, make sure the Perform Full Scan option is selected and then click on the Scan button.

When scan has finished, you will see this image:
scan-finished.jpg

  • Click on OK to close box and continue.
  • Click on the Show Results button.
  • Click on the Remove Selected button to remove all the listed malware.
  • At end of malware removal, the scan log opens and displays in Notepad. Be sure to click on Format> Uncheck Word Wrap before copying the log to paste in your next reply.
========================================
TDSSKiller
RKill
New Malwarebytes

Did you uninstall the MyPoints Point Finder\Helper and FreeCauseURLSearchHook.FCToolbar?
 
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8089

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 9.0.8112.16421

11/5/2011 3:21:27 AM
mbam-log-2011-11-05 (03-21-26).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 599729
Time elapsed: 2 hour(s), 5 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
Nothing was found on any of those scans. I uninstalled the MyPoints Point Finder\Helper and FreeCauseURLSearchHook.FCToolbar.

My system is still running the same: no desktop image, missing icons, windows blocked programs icon and pop up in notification area, and system restore icon in quick launch area as well as on my desktop.
 
The missing entries may need to be restored manually:

Restore Missing Icons and Desktop: Vista/Win 7
  • Start> Control Panel> Display> Desktop tab
  • Choose a background (you can change later if wanted)
  • Press Customize Desktop
  • Select the icons you want on the desktop
    desktop-icon-settings.png
  • Click on Apply> OK
Screen shot courtesy howtogeek
-----------------------------------------------------
I'd like you to check the Properties of the System Restore icon in the Quick Launch Toolbar. I actually have this icon there, but I created the shortcut and dragged it to QL. However, it does not pop up.

The next time the icon for SR pops up there, quickly do a right click Properties on the icon. It should open on the shortcut tab. When I check mine, I see the SR icon top left with shortcut arrow, words System Restore to the right of that, followed by Target type: Application, Target location: Restore> and 5 dialog boxes for:
1. Target
2. Start in
3. Shortcut key
4. Run and
5. Comment
Each of the above has a dialog box with text.

You're going to take a screen shot of this screen as follows:
While that Windows is open, do the following:
Press the Alt key and Print Scrn together to take a screen shot.
Open WordPad, then paste the screen shot there.
----------------------------------------------
A note: If you have not taken screen shots previously, be aware that sometimes the timing of the 2 keys together doesn't work and instead of just getting the top screen using the Alt key, you get the entire screen> this is okay. This is just meant as a convenience for you to tell me what text is displayed in the 5 boxes.
Then look at the 5 boxes on your screen shot and tell me what is in each.
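A way to do the shortcut check above without screenshots (an added example, not Bobbye's instructions or any tool from this thread): this PowerShell script reads the Target of every .lnk on the Desktop and in the Quick Launch folder, plus the HKCU/HKLM Run autostarts, and flags any that point at an executable sitting directly in the ProgramData root (where the rogue file named later in this thread lived) or whose target file is gone. It assumes Vista/Win7 with PowerShell 2.0 or later, run as Administrator; the folder list and the flagging rules are this example's own heuristics, not from the thread.

```powershell
# Added example, not part of the thread. Assumes Vista/Win7, PowerShell 2.0+, run as Administrator.
# Audits shortcut targets and Run-key autostarts and flags the ones worth a manual look.

$shell = New-Object -ComObject WScript.Shell
$programDataRoot = $env:ProgramData.TrimEnd('\')

# Flagging rules used here (our own heuristics):
#  - executable sits directly in the ProgramData root, where no normal installer puts one
#  - the file the shortcut or autostart refers to no longer exists (e.g. removed by a scanner)
#  - informational only: the file carries no valid Authenticode signature
function Test-SuspiciousTarget {
    param([string]$Target)
    $reasons = @()
    if (-not $Target) { return $reasons }
    $parent = Split-Path -Path $Target -Parent
    if ($parent -and ($parent.TrimEnd('\') -ieq $programDataRoot)) {
        $reasons += 'executable directly in ProgramData root'
    }
    if (-not (Test-Path -LiteralPath $Target)) {
        $reasons += 'target file missing'
    }
    elseif ((Test-Path -LiteralPath $Target -PathType Leaf) -and
            (Get-AuthenticodeSignature -FilePath $Target -ErrorAction SilentlyContinue).Status -ne 'Valid') {
        $reasons += 'no valid Authenticode signature (informational)'
    }
    return $reasons
}

$report = @()

# 1. Shortcuts: the user's Desktop, the shared Desktop, and the IE Quick Launch toolbar folder.
$shortcutDirs = @(
    [Environment]::GetFolderPath('Desktop'),
    (Join-Path $env:PUBLIC 'Desktop'),
    (Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch')
)
foreach ($dir in $shortcutDirs) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }
    foreach ($lnk in Get-ChildItem -LiteralPath $dir -Filter *.lnk -Recurse -ErrorAction SilentlyContinue) {
        $sc = $shell.CreateShortcut($lnk.FullName)   # same fields as the Properties > Shortcut tab
        $reasons = Test-SuspiciousTarget -Target $sc.TargetPath
        if ($reasons) {
            $report += New-Object PSObject -Property @{
                Kind = 'Shortcut'; Source = $lnk.FullName
                Target = $sc.TargetPath; Arguments = $sc.Arguments
                Reasons = ($reasons -join '; ')
            }
        }
    }
}

# 2. Run-key autostarts for the current user and the machine.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
)
$providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $values = Get-ItemProperty -LiteralPath $key
    foreach ($p in $values.PSObject.Properties) {
        if ($providerProps -contains $p.Name) { continue }   # skip the registry provider's own fields
        $cmd = [string]$p.Value
        # Keep only the executable part of the command line: a quoted path, or everything up to ".exe".
        if ($cmd -match '^\s*"?([^"]+?\.exe)(?:"|\s|$)') { $exe = $matches[1] } else { $exe = $cmd.Trim() }
        $exe = [Environment]::ExpandEnvironmentVariables($exe)
        # A bare name such as rundll32.exe resolves from System32; avoid a false "missing".
        if (-not (Split-Path -Path $exe -Parent)) {
            $exe = Join-Path (Join-Path $env:SystemRoot 'System32') $exe
        }
        $reasons = Test-SuspiciousTarget -Target $exe
        if ($reasons) {
            $report += New-Object PSObject -Property @{
                Kind = 'Run key'; Source = "$key\$($p.Name)"
                Target = $exe; Arguments = ''
                Reasons = ($reasons -join '; ')
            }
        }
    }
}

if ($report.Count -eq 0) { 'Nothing flagged.' }
else { $report | Format-Table Kind, Source, Target, Reasons -AutoSize -Wrap }
```

The "informational" signature line will also appear for legitimate unsigned software, so treat only the ProgramData-root and missing-target rows as findings and the rest as context.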
 
Bobbye, I can't seem to capture a screenshot of a pop up box. The target box is filled with this for icons 1 and 2:
C:\ProgramData\1kAlMiG2Kb7FzP.exe

I am not able to navigate between tabs.

There are no properties when I right-click for 3. My choices are:
show or remove blocked programs,
run blocked program (there is an arrow on this one to show blocked program, it shows the program to be Malwarebytes' Anti-Malware)
view help
exit

I opened Windows Defender, but it is not showing that Malwarebytes is enabled at startup, so I selected to show programs running at start up for all users; then it showed Malwarebytes, so I disabled it. I hope that's the right thing to do. I've been trying to figure out what exactly I need running at start up so I can delete it, but I'm not sure what I need.
 

Attachment: scrn shot.pdf (174.8 KB)
You did a good job on the screen shot. But I can't tell what the icons #2 and #3 are. The arrow on the System Restore icon denotes it is a shortcut. The arrow is the icon for 'shortcut', not blocked programs.

Superantispyware should remove this: C:\ProgramData\1kAlMiG2Kb7FzP.exe. Be sure to check the line for SAS to remove the processes it finds:

SuperAntiSpyware Home Edition Free Version
  • Please download SuperAntiSpyware from HERE
  • Launch SuperAntiSpyware and click on 'Check for updates'.
  • Wait for the updates to be installed
  • On the main screen click on 'Scan your computer'.
  • Check 'Perform Complete Scan', then click 'Next' to start the scan.
  • Superantispyware will now scan your computer; when it's finished it will list all/any infections found.
  • Make sure everything found has a checkmark next to it, then press 'Next'.
  • Click on 'Finish' when you're done.
It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
  • Click on 'Preferences'.
  • Click on the 'Statistics/Logs' tab.
  • Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor, such as Notepad. Paste the Notepad file here in your reply.
 
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/11/2011 at 05:19 PM

Application Version : 5.0.1136

Core Rules Database Version : 7933
Trace Rules Database Version: 5745

Scan type : Complete Scan
Total Scan Time : 03:38:42

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User (Administrator User)

Memory items scanned : 847
Memory threats detected : 0
Registry items scanned : 39875
Registry threats detected : 0
File items scanned : 87014
File threats detected : 153

Adware.Tracking Cookie
 
Okay, let's get control of those Tracking Cookies. On the account for 'fran' or 'FRAN':

Reset Cookies

For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> CHECK 'override automatic Cookie handling'> CHECK 'accept first party Cookies'> CHECK 'Block third party Cookies'> CHECK 'allow per session Cookies'> Apply> OK.

For Firefox: Tools> Options> Privacy> Cookies> CHECK ‘accept Cookies from Sites’> UNCHECK 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')

I suggest using the following two add-ons for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
AdBlock Plus
Easy List

For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
(First-party and third-party cookies can be set by the website you're visiting and websites that have items embedded in the website you're visiting. But when you next visit the website, only first-party cookie information is sent to the website. Third-party cookie information isn't sent back to the websites that originally set the third-party cookies.)
=================================
Please give me an update on how the system is working now.
 