TechSpot

Please help: Search results redirected by malware

By Seanj
Jan 27, 2012
    Hello all,

    My Firefox 9.0.01 search results are being redirected through webplains, then click to get answers, and finally to a page filled with advertisements such as click sour. This happens in Google, Yahoo, and Bing.

    Internet Explorer appears to be working fine. I am running Windows Vista, which came with McAfee antivirus software. McAfee can't locate the infection. Per your instructions, here are my first two logs.

    Malwarebytes Anti-Malware log

    Malwarebytes Anti-Malware (Trial) 1.60.0.1800
    www.malwarebytes.org

    Database version: v2012.01.27.04

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Charles McGehee :: CHARLESMCGEH-PC [administrator]

    Protection: Disabled

    1/27/2012 12:07:57 PM
    mbam-log-2012-01-27 (12-07-57).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 216735
    Time elapsed: 11 minute(s), 32 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    Here is my GMER log

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-01-27 12:57:28
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9320320AS rev.DE05
    Running: 1khzznhi.exe; Driver: C:\Users\CHARLE~1\AppData\Local\Temp\kwrcrkod.sys


    ---- System - GMER 1.0.15 ----

    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x83043498]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x830434C2]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x830434AE]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x83043484]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    AttachedDevice \Driver\tdx \Device\Tcp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\tdx \Device\Udp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

    ---- EOF - GMER 1.0.15 ----

    DDS LOGS

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421
    Run by Charles McGehee at 13:08:20 on 2012-01-27
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3030.1966 [GMT -6:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: STOPzilla Anti-Spyware *Enabled/Updated* {B2E69928-50DC-94CA-6A80-AAB054008761}
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Outdated* {3D54B793-665E-3129-9103-206115370C8A}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\STacSV.exe
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\WLTRYSVC.EXE
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\bcmwltry.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\rundll32.exe
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\aestsrv.exe
    C:\Windows\system32\svchost.exe -k apphost
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Workspace\offSyncService.exe
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    c:\program files\common files\protexis\license service\psiservice_2.exe
    C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k iissvcs
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Dell\DellDock\DellDock.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Windows\System32\WLTRAY.EXE
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Workspace\workspaceupdate.exe
    C:\Program Files\Workspace\wben.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Page = hxxp://www.google.com
    uStart Page = hxxp://google.com/
    uWindow Title = Internet Explorer provided by Dell
    uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4081225
    uSearch Bar = hxxp://www.google.com/ie
    uInternet Settings,ProxyServer = http=127.0.0.1:80
    uInternet Settings,ProxyOverride = *.local;<local>
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    mSearchAssistant = hxxp://start.facemoods.com/?a=grupo&s={searchTerms}&f=4
    uURLSearchHooks: AOL Messaging Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
    uURLSearchHooks: H - No File
    mURLSearchHooks: AOL Messaging Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No File
    BHO: CescrtHlpr Object: {64182481-4f71-486b-a045-b233bd0da8fc} - c:\program files\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20111220184827.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: AOL Messaging Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
    BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile: {d5233fcd-d258-4903-89b8-fb1568e7413d} - mscoree.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: AOL Messaging Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
    TB: facemoods Toolbar: {db4e9724-f518-4dfd-9c7c-78b52103cab9} - c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [AdobeBridge]
    uRun: [Adobe Acrobat Synchronizer] "c:\program files\adobe\acrobat 10.0\acrobat\AdobeCollabSync.exe"
    uRun: [Starfield Updater] "c:\program files\workspace\workspaceupdate.exe"
    uRun: [wben] "c:\program files\workspace\wben.exe"
    uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
    mRun: [Apoint] c:\program files\delltpad\Apoint.exe
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
    mRun: [Act.Outlook.Service] "c:\program files\act\act for windows\Act.Outlook.Service.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
    mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
    mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
    mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [facemoods] "c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe" /md I
    mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    StartupFolder: c:\users\charle~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~1.0_0\bin\ssv.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    DPF: Web-Based Email Tools - hxxp://email06.secureserver.net/Download.CAB
    DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{D9E80164-02E5-4747-BB86-F87C6E450FDF} : DhcpNameServer = 192.168.15.1
    TCP: Interfaces\{DDA19515-77C5-47EA-A9D8-0B1064CC34E2} : DhcpNameServer = 192.168.1.1
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
    Notify: igfxcui - igfxdev.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
    mASetup: {9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg - c:\program files\sft\guardedid\gidi.exe /v
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\charles mcgehee\appdata\roaming\mozilla\firefox\profiles\iad8cnbd.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=20111231123641249&tb_oid=31-12-2011&tb_mrud=31-12-2011
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://google.com
    FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&tb_uuid=20111231123641249&tb_oid=31-12-2011&tb_mrud=31-12-2011&query=
    FF - prefs.js: network.proxy.ftp_port - 90
    FF - prefs.js: network.proxy.gopher_port - 90
    FF - prefs.js: network.proxy.http_port - 90
    FF - prefs.js: network.proxy.socks_port - 90
    FF - prefs.js: network.proxy.ssl_port - 90
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
    FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\adobe\acrobat 10.0\acrobat\air\nppdf32.dll
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: c:\program files\microsoft\web platform installer\NPWPIDetector.dll
    FF - plugin: c:\program files\photodex presenter\npPxPlay.dll
    FF - plugin: c:\program files\screen sharing plug-in\npcnwplugin.dll
    FF - plugin: c:\users\charles mcgehee\appdata\roaming\mozilla\plugins\npoff.dll
    FF - plugin: c:\users\charles mcgehee\appdata\roaming\mozilla\plugins\npoff.dll
    FF - plugin: c:\users\charles mcgehee\appdata\roaming\mozilla\plugins\npwbe.dll
    FF - plugin: c:\users\charles mcgehee\appdata\roaming\mozilla\plugins\npwbe.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
    FF - user.js: browser.sessionstore.resume_from_crash - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-8-14 464176]
    R1 GIDv2;GIDv2;c:\windows\system32\drivers\gidv2.sys [2011-11-25 25232]
    R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-8-14 64880]
    R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-8-14 165680]
    R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_f091b975\AEstSrv.exe [2008-12-25 73728]
    R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-9-23 155648]
    R2 File Backup;File Backup Service;c:\program files\workspace\offSyncService.exe [2011-9-20 1187600]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-1-27 652872]
    R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-14 214904]
    R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-14 214904]
    R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-14 214904]
    R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-8-14 166288]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-8-14 160608]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-8-14 150856]
    R2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2010-12-10 29293408]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-8-14 57600]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-12-25 113664]
    R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2010-3-8 62496]
    R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2008-12-25 203264]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-1-27 20464]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-8-14 180816]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-8-14 338176]
    R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2009-3-6 133632]
    R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2009-3-8 280096]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-8-14 59456]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-14 87656]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\comcastspywarescan\ComcastAntiSpyService.exe [2009-6-17 616408]
    .
    =============== Created Last 30 ================
    .
    2012-01-27 18:04:57 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-01-27 18:04:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-01-26 16:52:26 -------- d-----w- c:\program files\Muse
    2012-01-21 05:40:30 -------- d-----w- c:\program files\RSS Submit
    2012-01-13 01:21:29 278528 ----a-w- c:\windows\system32\schannel.dll
    2012-01-13 01:21:16 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-01-13 01:21:01 1259008 ----a-w- c:\windows\system32\lsasrv.dll
    2012-01-13 01:20:53 377344 ----a-w- c:\windows\system32\winhttp.dll
    2012-01-13 01:20:35 72704 ----a-w- c:\windows\system32\secur32.dll
    2012-01-13 01:20:23 9728 ----a-w- c:\windows\system32\lsass.exe
    2012-01-11 13:48:51 189952 ----a-w- c:\windows\system32\winmm.dll
    2012-01-11 13:48:38 23552 ----a-w- c:\windows\system32\mciseq.dll
    2012-01-11 13:48:10 1205064 ----a-w- c:\windows\system32\ntdll.dll
    2012-01-11 13:47:54 66560 ----a-w- c:\windows\system32\packager.dll
    2012-01-11 13:47:38 376320 ----a-w- c:\windows\system32\winsrv.dll
    2012-01-11 13:47:29 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
    2012-01-11 13:47:07 1314816 ----a-w- c:\windows\system32\quartz.dll
    2012-01-11 13:46:54 497152 ----a-w- c:\windows\system32\qdvd.dll
    2012-01-09 15:59:28 -------- d-----w- c:\program files\facemoods.com
    2012-01-02 04:50:54 43992 ----a-w- c:\program files\mozilla firefox\mozutils.dll
    2012-01-02 04:50:53 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
    2012-01-02 04:50:53 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
    2012-01-02 04:50:53 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
    2011-12-31 12:37:19 -------- d-----w- c:\programdata\AIM Toolbar
    2011-12-31 12:37:19 -------- d-----w- c:\program files\AIM Toolbar
    2011-12-31 12:37:10 -------- d-----w- c:\users\charles mcgehee\appdata\local\AIM
    2011-12-31 12:37:09 -------- d-----w- c:\users\charles mcgehee\appdata\local\AOL
    2011-12-31 12:36:46 -------- d-----w- c:\program files\common files\Software Update Utility
    2011-12-31 12:36:27 -------- d-----w- c:\programdata\AIM
    2011-12-31 12:36:13 -------- d-----w- c:\program files\AIM
    2011-12-31 12:36:06 -------- d-----w- c:\program files\common files\AOL
    2011-12-30 02:17:35 677136 ----a-w- c:\programdata\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll
    .
    ==================== Find3M ====================
    .
    2011-12-02 20:15:45 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-23 13:37:27 2043904 ----a-w- c:\windows\system32\win32k.sys
    2011-11-08 14:42:19 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-11-04 10:00:38 348160 ----a-w- c:\windows\system32\3ef99b402a2af762a8f33445e8ae1013.szcpf
    2011-11-04 04:23:03 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2011-11-03 22:47:42 1798144 ----a-w- c:\windows\system32\jscript9.dll
    2011-11-03 22:40:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-11-03 22:39:47 1127424 ----a-w- c:\windows\system32\wininet.dll
    2011-11-03 22:31:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    .
    ============= FINISH: 13:09:23.71 ===============


    DDS Attach Log

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume3
    Install Date: 12/25/2008 8:21:32 AM
    System Uptime: 1/27/2012 10:47:45 AM (3 hours ago)
    .
    Motherboard: Dell Inc. | | 0P173H
    Processor: Intel(R) Core(TM)2 Duo CPU T5800 @ 2.00GHz | U2E1 | 2000/533mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 288 GiB total, 94.306 GiB free.
    D: is FIXED (NTFS) - 10 GiB total, 4.222 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e97b-e325-11ce-bfc1-08002be10318}
    Description: MagicISO SCSI Host Controller
    Device ID: ROOT\SCSIADAPTER\0000
    Manufacturer: MagicISO, Inc.
    Name: MagicISO SCSI Host Controller
    PNP Device ID: ROOT\SCSIADAPTER\0000
    Service: mcdbus
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    1.3.0.1
    7-Zip 9.20
    ACT! by Sage 2008 (10.0)
    Adobe Acrobat X Pro - English, Français, Deutsch
    Adobe After Effects CS4
    Adobe After Effects CS4 Presets
    Adobe After Effects CS4 Third Party Content
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Audition CS5.5
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific CS4
    Adobe Color EU Extra Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Recommended Settings CS4
    Adobe Color Video Profiles AE CS4
    Adobe Color Video Profiles CS CS4
    Adobe Community Help
    Adobe Content Viewer
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Device Central CS4
    Adobe Dreamweaver CS5.5
    Adobe Drive CS4
    Adobe Dynamiclink Support
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Fireworks CS5
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Flash Professional CS5.5
    Adobe Fonts All
    Adobe Illustrator CS5.1
    Adobe InDesign CS5.5
    Adobe Linguistics CS4
    Adobe Media Encoder CS4
    Adobe Media Encoder CS4 Additional Exporter
    Adobe Media Encoder CS4 Exporter
    Adobe Media Encoder CS4 Importer
    Adobe Media Player
    Adobe MotionPicture Color Files CS4
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS4
    Adobe Photoshop CS4 Support
    Adobe Premiere Elements 7.0
    Adobe Premiere Elements 7.0 Templates
    Adobe Presenter 7
    Adobe Reader 9.4.7
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe Story
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe Visual Communicator 3
    Adobe Widget Browser
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    Advanced Audio FX Engine
    AIM 7
    AOL Messaging Toolbar
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Article Marketing Robot
    Audacity 1.3.12 (Unicode)
    Banctec Service Agreement
    Bonjour
    Browser Address Error Redirector
    Camtasia Studio 7
    CCleaner
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Click to Call with Skype
    Connect
    Copernic Agent Personal
    Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Dell-eBay
    Dell DataSafe Online
    Dell Dock
    Dell Getting Started Guide
    Dell Touchpad
    Dell Video Chat (remove only)
    Dell Webcam Central
    Dell Wireless WLAN Card Utility
    Download Updater (AOL LLC)
    Dramatica Pro 4.0
    Dramatica Pro Story Wizard
    EDocs
    Facemoods Toolbar
    FileZilla Client 3.5.3
    Final Draft
    Free Audio Converter version 2.1
    Free File Viewer 2011
    Google AdWords Editor
    GoToAssist 8.0.0.514
    GoToMeeting 4.8.0.723
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    InstallIQ Updater
    Integrated Webcam Driver (1.06.03.0309)
    Intel(R) Graphics Media Accelerator Driver
    ITECIR Driver
    iTunes
    Java(TM) 6 Update 7
    jZip
    Keyword Pad v1.0.112706
    kuler
    LAME v3.98.3 for Audacity
    Live! Cam Avatar Creator
    Magic Article Rewriter
    Magic Article Submitter
    Magic Tokens Database 2.0
    MagicDisc 2.7.106
    Malwarebytes Anti-Malware version 1.60.0.1800
    McAfee SecurityCenter
    MediaDirect
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Advertising Intelligence
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    Microsoft Silverlight
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Express Edition (ACT7)
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ Run Time Lib Setup
    Microsoft Web Platform Installer 3.0
    Microsoft XML Parser
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Microsoft_VC90_MFCLOC_x86
    Mozilla Firefox 9.0.1 (x86 en-US)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Muse (code name)
    Notepad++
    PDF Settings CS4
    PDF Settings CS5
    Photodex Presenter
    Photoshop Camera Raw
    Pixel Bender Toolkit
    Podcast Plug-in for RSS Submit v1.0
    ProShow Producer
    Proxy Goblin
    QuickSet
    QuickTime
    Revo Uninstaller 1.93
    Robin Good's RSSTop55 Plug-in for RSS Submit v1.2
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio Update Manager
    RSS Submit RSS Submit SEO Expansion Pack v1.0
    RSS Submit v3.0
    S3 Ripper 1.3
    Sales and Marketing Pro
    Screen Sharing Plug-in
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553353) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    SENukeUpdate
    Skype™ 5.5
    SmartSound Quicktracks for Premiere Elements
    Suite Shared Configuration CS4
    Toolbar Cleaner 1.0
    Traffic Travis 3.3.21
    Tube Spy
    TweetAttacks
    TweetDeck
    Uninstall 1.0.0.1
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
    Update for Microsoft Outlook Social Connector (KB2583935)
    Viewet
    Visual Studio Tools for the Office system 3.0 Runtime
    Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258)
    Windows Live ID Sign-in Assistant
    Windows Media Player Firefox Plugin
    Workspace Desktop
    YouTube Downloader 3.4
    .
    ==== Event Viewer Messages From Past Week ========
    .
    1/27/2012 10:52:29 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 00225F5D2ACC has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    1/27/2012 1:02:27 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 00225F5D2ACC has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    1/23/2012 1:28:48 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 00225F5D2ACC has been denied by the DHCP server 10.10.104.1 (The DHCP Server sent a DHCPNACK message).
    1/22/2012 4:41:44 AM, Error: EventLog [6008] - The previous system shutdown at 4:38:48 AM on 1/22/2012 was unexpected.
    1/21/2012 1:20:31 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the iPod Service service to connect.
    1/21/2012 1:20:31 PM, Error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/21/2012 1:19:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
    1/20/2012 10:18:41 AM, Error: EventLog [6008] - The previous system shutdown at 10:16:31 AM on 1/20/2012 was unexpected.
    .
    ==== End Of File ===========================

    Thank you for your time and consideration; your effort is greatly appreciated.

    Sean J
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Welcome to TechSpot! I'll be glad to help with the malware.

    I see a couple of problems in the current logs. Please go ahead and do the following: There is a proxy set in Firefox- this might help that:

    Reset your browser proxies
    • For Firefox:
      o Open Firefox, click on "Tools" then "Options" and then on "Advanced".
      o Click on the "Network" tab, and then on the "Settings" button.
      o Please make sure that the "No Proxy" option is selected.
    • For Internet Explorer:
      o Open Internet Explorer.
      o Click on "Tools" and then select "Internet Options".
      o Click on the "Connections" tab and click the "Lan Settings" button at the bottom.
      o Uncheck "Use a Proxy server for your LAN".
      o Click Ok to close the Local Area Network (LAN) Settings window.
      o Click Ok to close the Internet Options window.
    =============================
    There is also another problem that you can start working on: You installed Facemoods to put smiley faces on Facebook. It gave you a Facemoods Toolbar. This is not malware. It is called 'foistware.' It is installed without your knowledge or permission.

    There are a lot of unhappy Facebook members dealing with this. Like all foistware, it's sometimes easier to prevent than remove!

    Uninstall Program
    1. Go to the Start> Control Panel> Uninstall a Program.
    2. Search for Facemoods Toolbar in the list.
    3. Select the program and click Uninstall up near the top of that window.
    4. Once done, use Windows Explorer to access Computer> Local Drive> Programs> Find the Facemoods folder and do a right click> Delete.
    5. Then reboot

    You may also need to do the following:

    Remove Facemoods Toolbar in Internet Explorer:
    1. Open Internet Explorer. Go to Tools → Manage Add-ons.
    2. Select Toolbars and Extensions. Uninstall everything related to Facemoods from the list: Facemoods toolbar, facemoods.com, etc.
    3. Select Facemoods Search and click Remove button to uninstall it (lower right corner of the window).
    ----------------------------------
    Remove Facemoods Toolbar in Mozilla Firefox:
    1. Open Firefox> Tools> Add-ons.
    2. Select Extensions/Plugins> Highlight Facemoods> click Uninstall.
    (Note: the entry may read fcmdSrch)
    3. Go to Tools> Options> General tab reset the startup homepage.
    ------------------------
    There will be other entries. I will remove them with a script you will run through Combofix. I'll set that up after you run the program and I review the log.
    =========================================
    Then run Combofix: Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Expect these- they are normal:
    1. If asked to install or update the Recovery Console, allow. (You will need an internet connection for this.)
    2. Before you run the Combofix scan, please disable any security software you have running.
    3. Combofix may need to reboot your computer more than once to do its job this is normal.

    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • If prompted for Recovery Console, please allow.
    • Once installed, you should see a blue screen prompt that says:
      • The Recovery Console was successfully installed.
      • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.
      • Note: No query will be made if the Recovery Console is already on the system.
    • Close/disable all anti virus and anti malware programs
      (If you need help with this, please see HERE)
    • Close any open browsers.
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • When the scan completes, a report will be generated- it will open a text window. Please paste the C:\ComboFix.txt in next reply.
    Re-enable your Antivirus software.
    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
    Note 3: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    =====================================
    To run the Eset Online Virus Scan:
    If you use Internet Explorer:
    1. Open the ESETOnlineScan
    2. Skip to #4 to "Continue with the directions"

      If you are using a browser other than Internet Explorer
    3. Open Eset Smart Installer
      [o] Click on the esetsmartinstaller_enu.exelink and save to the desktop.
      [o] Double click on the desktop icon to run.
      [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
    4. Continue with the directions.
    5. Check 'Yes I accept terms of use.'
    6. Click Start button
    7. Accept any security warnings from your browser.
    8. Uncheck 'Remove found threats'
    9. Check 'Scan archives'
    10. Leave remaining settings as is.
    11. Press the Start button.
    12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    13. When the scan completes, press List of found threats
    14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    15. Push the Back button, then Finish
    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    =======================================
    Please leave the Combofix log and Eset scan log in next reply.
    ======================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't follow directions given to someone else
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.

    If I haven't replied back to you within 48 hours, you can send a PM with your thread link in it as a reminder. Do not include technical problems from your thread. Support is given only in the forum.
    Threads are closed after 5 days if there is no reply.
     
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    This is the same machine in your previous thread about Facemoods????

    http://www.techspot.com/vb/topic176727.html

    Once confirmed yes, I will delete this thread. Everything for the same problem goes on the same thread.
     
  4. Seanj

    Seanj TS Rookie Topic Starter

    I followed your instructions and removed Facemoods from my system.

    Here are my ComboFix log and ESET scan.

    Combo Fix Log


    ComboFix 12-01-27.01 - Charles McGehee 01/27/2012 16:54:09.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3030.2016 [GMT -6:00]
    Running from: C:\Users\Charles McGehee\Contacts\Desktop\Tips & Tricks\virus removal logs\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Outdated* {3D54B793-665E-3129-9103-206115370C8A}
    SP: STOPzilla Anti-Spyware *Enabled/Updated* {B2E69928-50DC-94CA-6A80-AAB054008761}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\Program Files\Search Toolbar
    C:\Program Files\Search Toolbar\icon.ico
    C:\Program Files\Search Toolbar\SearchToolbarUninstall.exe
    C:\Users\Charles McGehee\AppData\Local\assembly\tmp
    C:\Users\Charles McGehee\AppData\Roaming\DataSafeDotNet.exe
    C:\Users\Charles McGehee\AppData\Roaming\EurekaLog
    C:\Users\Charles McGehee\AppData\Roaming\EurekaLog\EurekaLog.ini
    C:\Users\Charles McGehee\AppData\Roaming\Microsoft\Windows\Recent\Protect Videos & Other Files On Amazon - S3FlowShield offers true protection for your videos and other files stored on Amazon S3. Includes a custom Flash.url
    C:\Users\Charles McGehee\g2mdlhlpx.exe
    C:\Users\Charles McGehee\GoToAssistDownloadHelper.exe
    C:\Windows\system32\~GLH000a.TMP
    C:\Windows\system32\~GLH000b.TMP
    C:\Windows\system32\drivers\etc\hosts.txt


    ((((((((((((((((((((((((( Files Created from 2011-12-27 to 2012-01-27 )))))))))))))))))))))))))))))))


    2012-01-27 23:06:43 . 2012-01-27 23:06:43 -------- d-----w- C:\Windows\system32\config\systemprofile\AppData\Local\temp
    2012-01-27 23:06:43 . 2012-01-27 23:06:43 -------- d-----w- C:\Users\RA Media Server\AppData\Local\temp
    2012-01-27 23:06:43 . 2012-01-27 23:06:43 -------- d-----w- C:\Users\Default\AppData\Local\temp
    2012-01-27 18:04:57 . 2011-12-10 21:24:06 20464 ----a-w- C:\Windows\system32\drivers\mbam.sys
    2012-01-27 18:04:55 . 2012-01-27 18:05:28 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
    2012-01-26 16:52:26 . 2012-01-26 16:52:27 -------- d-----w- C:\Program Files\Muse
    2012-01-21 05:40:30 . 2012-01-21 06:27:12 -------- d-----w- C:\Program Files\RSS Submit
    2012-01-13 01:21:29 . 2011-11-16 16:23:05 278528 ----a-w- C:\Windows\system32\schannel.dll
    2012-01-13 01:21:16 . 2011-11-17 06:48:37 440192 ----a-w- C:\Windows\system32\drivers\ksecdd.sys
    2012-01-13 01:21:01 . 2011-11-16 16:21:57 1259008 ----a-w- C:\Windows\system32\lsasrv.dll
    2012-01-13 01:20:53 . 2011-11-16 16:23:44 377344 ----a-w- C:\Windows\system32\winhttp.dll
    2012-01-13 01:20:35 . 2011-11-16 16:23:08 72704 ----a-w- C:\Windows\system32\secur32.dll
    2012-01-13 01:20:23 . 2011-11-16 14:12:25 9728 ----a-w- C:\Windows\system32\lsass.exe
    2012-01-11 13:48:51 . 2011-10-14 16:03:25 189952 ----a-w- C:\Windows\system32\winmm.dll
    2012-01-11 13:48:38 . 2011-10-14 16:00:23 23552 ----a-w- C:\Windows\system32\mciseq.dll
    2012-01-11 13:48:10 . 2011-11-18 20:23:34 1205064 ----a-w- C:\Windows\system32\ntdll.dll
    2012-01-11 13:47:54 . 2011-11-18 17:47:03 66560 ----a-w- C:\Windows\system32\packager.dll
    2012-01-11 13:47:38 . 2011-11-25 15:59:48 376320 ----a-w- C:\Windows\system32\winsrv.dll
    2012-01-11 13:47:29 . 2011-12-01 15:21:18 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
    2012-01-11 13:47:07 . 2011-10-25 15:58:55 1314816 ----a-w- C:\Windows\system32\quartz.dll
    2012-01-11 13:46:54 . 2011-10-25 15:58:54 497152 ----a-w- C:\Windows\system32\qdvd.dll
    2012-01-02 04:50:54 . 2012-01-02 04:50:54 43992 ----a-w- C:\Program Files\Mozilla Firefox\mozutils.dll
    2012-01-02 04:50:53 . 2012-01-02 04:50:53 626688 ----a-w- C:\Program Files\Mozilla Firefox\msvcr80.dll
    2012-01-02 04:50:53 . 2012-01-02 04:50:53 548864 ----a-w- C:\Program Files\Mozilla Firefox\msvcp80.dll
    2012-01-02 04:50:53 . 2012-01-02 04:50:53 479232 ----a-w- C:\Program Files\Mozilla Firefox\msvcm80.dll
    2011-12-31 12:37:20 . 2011-12-31 12:39:40 -------- d-----w- C:\Users\Charles McGehee\AppData\Roaming\acccore
    2011-12-31 12:37:19 . 2011-12-31 12:37:35 -------- d-----w- C:\Program Files\AIM Toolbar
    2011-12-31 12:37:19 . 2011-12-31 12:37:19 -------- d-----w- C:\ProgramData\AIM Toolbar
    2011-12-31 12:37:10 . 2011-12-31 12:37:14 -------- d-----w- C:\Users\Charles McGehee\AppData\Local\AIM
    2011-12-31 12:37:09 . 2011-12-31 12:37:09 -------- d-----w- C:\Users\Charles McGehee\AppData\Local\AOL
    2011-12-31 12:36:46 . 2011-12-31 12:36:46 -------- d-----w- C:\Program Files\Common Files\Software Update Utility
    2011-12-31 12:36:27 . 2011-12-31 12:36:27 -------- d-----w- C:\ProgramData\AIM
    2011-12-31 12:36:13 . 2011-12-31 12:36:25 -------- d-----w- C:\Program Files\AIM
    2011-12-31 12:36:06 . 2011-12-31 12:36:06 -------- d-----w- C:\Program Files\Common Files\AOL
    2011-12-30 02:17:35 . 2011-12-30 02:17:35 677136 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    .


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2011-12-02 20:15:45 . 2011-05-13 11:43:38 414368 ----a-w- C:\Windows\system32\FlashPlayerCPLApp.cpl
    2011-11-23 13:37:27 . 2011-12-15 01:24:50 2043904 ----a-w- C:\Windows\system32\win32k.sys
    2011-11-08 14:42:19 . 2011-12-15 01:24:34 2048 ----a-w- C:\Windows\system32\tzres.dll
    2011-11-04 12:10:43 . 2011-11-04 12:10:43 388096 ----a-r- C:\Users\Charles McGehee\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-11-04 10:00:38 . 2011-11-04 10:00:38 348160 ----a-w- C:\Windows\system32\3ef99b402a2af762a8f33445e8ae1013.szcpf
    2011-11-04 04:23:03 . 2008-12-25 20:51:44 348160 ----a-w- C:\Windows\system32\msvcr71.dll
    2011-11-03 22:47:42 . 2011-12-15 09:05:59 1798144 ----a-w- C:\Windows\system32\jscript9.dll
    2011-11-03 22:40:21 . 2011-12-15 09:05:56 1427456 ----a-w- C:\Windows\system32\inetcpl.cpl
    2011-11-03 22:39:47 . 2011-12-15 09:06:00 1127424 ----a-w- C:\Windows\system32\wininet.dll
    2011-11-03 22:31:57 . 2011-12-15 09:06:01 2382848 ----a-w- C:\Windows\system32\mshtml.tlb
    2012-01-02 04:50:53 . 2011-11-06 12:21:05 121816 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 02:25:11 125952]
    "Adobe Acrobat Synchronizer"="C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" [2011-09-05 17:05:08 1240992]
    "Starfield Updater"="C:\Program Files\Workspace\workspaceupdate.exe" [2011-11-21 23:25:13 34496]
    "wben"="C:\Program Files\Workspace\wben.exe" [2011-12-21 14:34:28 368368]
    "Aim"="C:\Program Files\AIM\aim.exe" [2011-05-03 15:43:14 4321112]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2008-07-17 12:00:18 196608]
    "Broadcom Wireless Manager UI"="C:\Windows\system32\WLTRAY.exe" [2008-08-05 12:17:20 3563520]
    "PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2008-01-14 16:13:02 132392]
    "Act.Outlook.Service"="C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe" [2008-02-22 00:39:50 9728]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 22:58:10 37296]
    "Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 07:37:53 843712]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2010-11-29 22:38:18 421888]
    "mcui_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2011-11-22 23:18:26 1318816]
    "Adobe Acrobat Speed Launcher"="C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-05 17:04:58 36760]
    "Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-05 17:04:58 2904984]
    "AdobeAAMUpdater-1.0"="C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 22:42:18 499608]
    "SwitchBoard"="C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 18:37:14 517096]
    "AdobeCS5.5ServiceManager"="C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 12:08:56 1523360]
    "BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 19:54:26 91520]
    "APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 12:22:28 59240]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2011-10-09 23:06:40 421736]
    "IgfxTray"="C:\Windows\system32\igfxtray.exe" [2011-02-12 01:26:32 137752]
    "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2011-02-12 01:26:26 171032]
    "Persistence"="C:\Windows\system32\igfxpers.exe" [2011-02-12 01:26:30 172568]
    "AdobeCS4ServiceManager"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2009-06-08 12:52:50 611712]
    "Malwarebytes' Anti-Malware"="C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 23:50:18 460872]

    C:\Users\Charles McGehee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - C:\Program Files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe [2008-7-9 1616976]

    C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - C:\Program Files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    2008-12-25 20:56:45 10536 ----a-w- C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    S2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\aestsrv.exe [2008-07-17 10:22:56 73728]


    --- Other Services/Drivers In Memory ---

    *Deregistered* - mfeavfk01

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]
    2011-07-05 16:26:04 435976 ----a-w- C:\Program Files\SFT\GuardedID\GIDI.exe

    Contents of the 'Scheduled Tasks' folder

    2012-01-27 C:\Windows\Tasks\Free File Viewer Update Checker.job
    - C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe [2011-01-06 19:13:33 . 2011-02-05 21:50:30]


    ------- Supplementary Scan -------

    uStart Page = hxxp://google.com/
    uInternet Settings,ProxyServer = http=127.0.0.1:80
    uInternet Settings,ProxyOverride = *.local;<local>
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.1.1
    DPF: Web-Based Email Tools - hxxp://email06.secureserver.net/Download.CAB
    FF - ProfilePath - C:\Users\Charles McGehee\AppData\Roaming\Mozilla\Firefox\Profiles\iad8cnbd.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=20111231123641249&tb_oid=31-12-2011&tb_mrud=31-12-2011
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://google.com
    FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&tb_uuid=20111231123641249&tb_oid=31-12-2011&tb_mrud=31-12-2011&query=
    FF - prefs.js: network.proxy.ftp_port - 90
    FF - prefs.js: network.proxy.gopher_port - 90
    FF - prefs.js: network.proxy.http_port - 90
    FF - prefs.js: network.proxy.socks_port - 90
    FF - prefs.js: network.proxy.ssl_port - 90
    FF - prefs.js: network.proxy.type - 0
    FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
    FF - user.js: browser.sessionstore.resume_from_crash - false

    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-AdobeBridge - (no file)
    SafeBoot-66937918.sys
    AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - C:\ProgramData\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}\bm_installer.exe


    Eset Scan

    C:\Users\Charles McGehee\Downloads\Chess+Wizard.exe MSIL/Solimba application

    Thanks for your time and effort

    Sean

    PS. Should I uninstall Malwarebytes Anti-Malware, GMER, and DDS from my system now?
     
  5. Seanj

    Seanj TS Rookie Topic Starter

    Response to your question

    This is the same machine in your previous thread about Facemoods????

    http://www.techspot.com/vb/topic176727.html

    Once confirmed yes, I will delete this thread. Everything for the same problem goes on the same thread.

    This is my first time posting here; the above is not my thread.
     
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Sorry bout that! I was helping 2 members who both came up with Facemoods and the user names are very close. I have it straight now.
    ----------------------------------
    For the Eset entry: Please download OTMoveIt by OldTimer and save to your desktop.
    • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      Code:
      :Files 
      C:\Users\Charles McGehee\Downloads\Chess+Wizard.exe 
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
    =====================================
    Be sure to check all download screens for any pre-check toolbars or BHO> if found, remove the check before the download.

    Please update Java: Java Updates. Uninstall any earlier versions in Add/Remove Programs as they are vulnerabilities for the system. (You have Java v6u7. The current version is v6u30. That is a vulnerability to the system.)
    ===================================
    Firefox Keyword Reset:

    • [1]. Open FireFox and instead of a url, type about:config in the Address Bar.
      [2]. Firefox will give you a warning, but go in anyway.
      [3]. Locate the keyword.url line. It should look like the image below.
      (image: the keyword.url entry in about:config)
      [4]. Right click on keyword.url, then select Reset
    --------------
    I am resetting the homepage and search page in Firefox to the defaults. The redirect is mainly coming from a setting in it.
    ==================================
    Please go on to the next reply.
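A defender-side check for the two things the replies above keep coming back to, the Firefox keyword.URL / search prefs and the proxy entries, written as an added example (not code from the thread or from any of the tools named in it); the sample prefs are constructed to mirror the ComboFix log lines, and the list of expected search hosts is an assumption.

```python
"""Audit the browser proxy and search settings of the kind ComboFix reported in
this thread: keyword.URL / browser.search.defaulturl pointing at a redirector,
network.proxy.* values, and the WinINet ProxyServer entry. Added example."""
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# One Firefox pref statement. finditer() copes with several statements packed
# onto a single line, as the user.js entry in the log was.
PREF_RE = re.compile(
    r'(?:user_pref|pref)\(\s*"((?:[^"\\]|\\.)+)"\s*,\s*'
    r'("(?:[^"\\]|\\.)*"|true|false|-?\d+)\s*\)\s*;'
)
# Hosts a stock search engine would use (assumed list for this example).
EXPECTED_SEARCH_HOSTS = {"google.com", "www.google.com", "search.yahoo.com", "www.bing.com"}
LOOPBACK = {"127.0.0.1", "localhost", "::1"}


@dataclass
class Finding:
    severity: str  # "high" or "info"
    setting: str
    detail: str


def _value(raw: str):
    """Decode a pref literal: quoted string, true/false or integer."""
    if raw.startswith('"'):
        return raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
    if raw in ("true", "false"):
        return raw == "true"
    return int(raw)


def parse_prefs(text: str) -> dict:
    """Return {pref name: value} for every user_pref()/pref() in prefs.js or user.js."""
    return {m.group(1): _value(m.group(2)) for m in PREF_RE.finditer(text)}


def audit_firefox_prefs(prefs: dict) -> list:
    findings = []
    # These two prefs decide where address-bar keywords and the search box go;
    # a redirector host here is exactly what produced the redirected results.
    for name in ("keyword.URL", "browser.search.defaulturl"):
        url = prefs.get(name)
        if isinstance(url, str) and url:
            host = (urlsplit(url).hostname or "").lower()
            sev = "info" if host in EXPECTED_SEARCH_HOSTS else "high"
            findings.append(Finding(sev, name, f"search traffic goes to {host or url}"))
    # network.proxy.type: 0 direct, 1 manual, 2 PAC file, 4 WPAD, 5 system (WinINet).
    ptype = prefs.get("network.proxy.type")
    hosts = {k: v for k, v in prefs.items() if k.startswith("network.proxy.")
             and k.rsplit(".", 1)[1] in ("http", "ssl", "ftp", "socks")}
    ports = {k: v for k, v in prefs.items() if k.startswith("network.proxy.")
             and k.endswith("_port")}
    if ptype == 1:
        for k, h in hosts.items():
            sev = "high" if h in LOOPBACK else "info"
            findings.append(Finding(sev, k, f"manual proxy {h}:{prefs.get(k + '_port', '?')}"))
    elif ptype == 2:
        findings.append(Finding("high", "network.proxy.autoconfig_url",
                                f"PAC file {prefs.get('network.proxy.autoconfig_url')}"))
    elif ptype == 5:
        findings.append(Finding("info", "network.proxy.type",
                                "Firefox follows the Windows Internet Settings proxy"))
    elif ptype == 0 and (hosts or ports):
        findings.append(Finding("info", "network.proxy.type",
                                f"proxy values present but unused: {sorted({**hosts, **ports})}"))
    return findings


def audit_wininet_proxy(proxy_server: str) -> list:
    """Parse an Internet Settings ProxyServer value ('host:port' or
    'http=host:port;https=host:port;...') and flag proxies on this machine."""
    findings = []
    for entry in filter(None, proxy_server.split(";")):
        scheme, _, hostport = entry.rpartition("=")
        host = hostport.rsplit(":", 1)[0].strip("[]")
        sev = "high" if host in LOOPBACK else "info"
        note = " is on this machine" if sev == "high" else ""
        findings.append(Finding(sev, f"ProxyServer[{scheme or 'all'}]", hostport + note))
    return findings


# Constructed sample mirroring the ComboFix "Supplementary Scan" lines in the log.
SAMPLE_PREFS_JS = '''
user_pref("browser.search.defaulturl", "http://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.startup.homepage", "http://google.com");
user_pref("keyword.URL", "http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query=");
user_pref("network.proxy.http_port", 90);
user_pref("network.proxy.ssl_port", 90);
user_pref("network.proxy.type", 0);
user_pref("yahoo.homepage.dontask", true);user_pref("network.protocol-handler.warn-external.dnupdate", false);
'''
SAMPLE_PROXY_SERVER = "http=127.0.0.1:80"

if __name__ == "__main__":
    for f in audit_firefox_prefs(parse_prefs(SAMPLE_PREFS_JS)) + audit_wininet_proxy(SAMPLE_PROXY_SERVER):
        print(f"[{f.severity}] {f.setting}: {f.detail}")
```

On the thread's values this reports both search prefs as high (AOL redirector hosts), the Firefox proxy ports as unused because network.proxy.type is 0, and the WinINet proxy as high because it points at the machine itself.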
     
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Please be sure to disable all of these before running the script. They are all enabled and should have been disabled to run Combofix:
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Outdated
    FW: McAfee Firewall *Enabled*
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Outdated*
    SP: STOPzilla Anti-Spyware *Enabled/
    ------------------------------
    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
    Code:
    File::
    C:\Windows\system32\3ef99b402a2af762a8f33445e8ae1013.szcpf
    Folder::
    C:\Windows\system32\config\systemprofile\AppData\Local\temp
    C:\Users\RA Media Server\AppData\Local\temp
    C:\Users\Default\AppData\Local\temp
    C:\Program Files\AIM Toolbar
    C:\ProgramData\AIM Toolbar
    C:\Users\Charles McGehee\AppData\Local\AIM
    C:\ProgramData\AIM
    C:\Program Files\AIM
    Extra::
    File:: 
    Firefox:: 
    Firefox-: - Profile - C:\Users\Charles McGehee\AppData\Roaming\Mozilla\Firefox\Profiles\iad8cnbd.default\
    Firefox-: prefs.js -Search.DefaultURL
    Firefox-: prefs:js - Startup.Homepage
    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:80
    mSearchAssistant = hxxp://start.facemoods.com/?a=grupo&s={searchTerms}&f=4
    uURLSearchHooks: AOL Messaging Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
    uURLSearchHooks: H - No File
    mURLSearchHooks: AOL Messaging Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No File
    BHO: CescrtHlpr Object: {64182481-4f71-486b-a045-b233bd0da8fc} - c:\program files\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll
    BHO: AOL Messaging Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
    TB: AOL Messaging Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
    TB: facemoods Toolbar: {db4e9724-f518-4dfd-9c7c-78b52103cab9} - c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll
    mRun: [facemoods] "c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe" /md I
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~1.0_0\bin\ssv.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    
    Clearjavacache::
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste into to your next reply.
    =========================================
    Removed: AIM Toolbar Search Class aimtb.dll AIM Toolbar, a pre-checked Search changer
    -----------------------------------------------
    C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe I did not put this in the script, but I strongly recommend that you stop the Scheduled Task and remove the program:
    "Monitoring website changes with UpdatePatrol- Website updates are out of your control. You have no idea what changes could be being made to your favorite websites right now, and no way of finding out."
    There is a high potential for getting adware, script, or having system conflicts when you go to access a 'changed' webpage. Basically it's checking all of your Favorites/Bookmarks for updates. This presents added internet traffic and use of your system resources.
    ======================================
    Please uninstall the HijackThis you have now. Then set up as follows:
    First, set up a Directory for HijackThis as follows:
    Right click Taskbar> Explore> My Computer> Local Drive (C)> File> New> Folder> Name folder HijackThis
    Exit Explorer
    You now have a folder C:\HijackThis
    -----------------------------------------
    Download HijackThis and save to your desktop.
    • Click on the HJT icon> 'Extract all files'> Extraction Wizard> Click on Browse to right of dialogue box that says 'Select a folder'
    • Extract it to the directory on your hard drive you created C:\HijackThis.
    • Then navigate to that directory and double-click on the hijackthis.exe file.
    • When started click on the Scan button and then the Save Log button to create a log of your information.
    • The log file will be saved, and then the log will open in Notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and paste (Ctrl+V) the log in your next reply.
    NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
    ============================================
    About Foxy Proxy: do you know how this works? Do you know how to set it? Do you need it?
    ===========================================
    Logs in next reply: After running OTM, Combofix, HijackThis.
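As an added example (not code from the thread or from any tool it mentions), here is a small Python audit of a Firefox prefs.js that flags the same indicators the keyword.url reset and the CFScript target: search prefs pointing at a redirector host, and proxy prefs aimed at loopback the way the thread's IE ProxyServer = http=127.0.0.1:80 entry does. The two sample prefs.js texts are constructed from values in the thread; the list of expected search hosts is an assumption.

```python
"""Audit a Firefox prefs.js for search-redirect and loopback-proxy indicators.

Added example; the samples below are constructed, modelled on the DDS lines
quoted in the thread (keyword.URL / browser.search.defaulturl pointing at an
AOL/AIM toolbar redirector, proxy ports set to 90 with the proxy disabled).
"""
import re
from urllib.parse import urlparse

# Matches every user_pref(...) call, even when several sit on one line
# (the thread's user.js line shows a value with ");user_pref(" embedded).
PREF_RE = re.compile(
    r'user_pref\(\s*"([^"]+)"\s*,\s*("(?:[^"\\]|\\.)*"|[^)]+?)\s*\)\s*;'
)

# Prefs that decide where a typed search or the homepage goes.
SEARCH_PREFS = ("keyword.URL", "browser.search.defaulturl",
                "browser.startup.homepage")
# Assumption: hosts this user expects for those prefs; extend as needed.
EXPECTED_HOST_SUFFIXES = ("google.com", "bing.com", "yahoo.com")
LOOPBACK = ("127.0.0.1", "localhost", "::1")

SAMPLE_PREFS_JS = r'''
# Mozilla User Preferences (constructed sample)
user_pref("browser.search.defaulturl", "http://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.startup.homepage", "http://google.com");
user_pref("keyword.URL", "http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query=");
user_pref("network.proxy.http_port", 90);
user_pref("network.proxy.ssl_port", 90);
user_pref("network.proxy.type", 0);
'''

# Constructed sample of the loopback-proxy variant seen in the IE settings.
SAMPLE_PROXIED_PREFS_JS = r'''
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 80);
user_pref("network.proxy.type", 1);
'''


def parse_prefs(text):
    """Return {pref name: value}; string values are unquoted, others kept as text."""
    prefs = {}
    for m in PREF_RE.finditer(text):
        name, raw = m.group(1), m.group(2)
        if raw.startswith('"'):
            raw = raw[1:-1].replace('\\"', '"')
        prefs[name] = raw
    return prefs


def host_of(url):
    """Lower-cased hostname of a URL, or '' if it has none."""
    return (urlparse(url).hostname or "").lower()


def audit_prefs(prefs):
    """Return a list of (severity, pref, reason) findings."""
    findings = []
    for name in SEARCH_PREFS:
        if name not in prefs:
            continue
        host = host_of(prefs[name])
        ok = any(host == s or host.endswith("." + s) for s in EXPECTED_HOST_SUFFIXES)
        if not ok:
            findings.append(("HIGH", name, f"points at unexpected host {host!r}"))
    if prefs.get("network.proxy.type") == "1":
        # Manual proxy: a loopback target means a local process relays every request.
        for scheme in ("http", "ssl", "socks", "ftp"):
            if prefs.get(f"network.proxy.{scheme}") in LOOPBACK:
                findings.append(("HIGH", f"network.proxy.{scheme}",
                                 "manual proxy to loopback; a local process sees all traffic"))
    elif any(k.startswith("network.proxy.") and k.endswith("_port") for k in prefs):
        findings.append(("INFO", "network.proxy.*_port",
                         "proxy ports set but network.proxy.type is not 1, so inactive"))
    return findings


if __name__ == "__main__":
    for label, text in (("thread sample", SAMPLE_PREFS_JS),
                        ("loopback proxy", SAMPLE_PROXIED_PREFS_JS)):
        print(f"== {label} ==")
        for sev, pref, why in audit_prefs(parse_prefs(text)):
            print(f"[{sev}] {pref}: {why}")
```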
     
  8. Seanj

    Seanj TS Rookie Topic Starter

    OTM MoveIt Log

    All processes killed
    ========== FILES ==========
    File/Folder C:\Users\Charles McGehee\Downloads\Chess+Wizard.exe not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Charles McGehee
    ->Temp folder emptied: 112645418 bytes
    ->Temporary Internet Files folder emptied: 2498729 bytes
    ->Java cache emptied: 4799926 bytes
    ->FireFox cache emptied: 49534698 bytes
    ->Opera cache emptied: 0 bytes
    ->Flash cache emptied: 60334 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56543 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public

    User: RA Media Server
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: TEMP

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 37376 bytes
    Windows Temp folder emptied: 57070 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 51198 bytes
    RecycleBin emptied: 40427582 bytes

    Total Files Cleaned = 200.00 mb


    OTM by OldTimer - Version 3.1.19.0 log created on 01292012_213837

    Files moved on Reboot...

    Registry entries deleted on Reboot...

    I uninstalled Java v6u7 and installed v6u30

    I reset Firefox Keyword URL



    I ran the Custom CFScript; here is the new ComboFix txt log

    ComboFix 12-01-27.01 - Charles McGehee 01/29/2012 22:28:31.2.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3030.2045 [GMT -6:00]
    Running from: C:\Users\Charles McGehee\Contacts\Desktop\Tips & Tricks\virus removal logs\ComboFix.exe
    Command switches used :: C:\Users\Charles McGehee\Contacts\Desktop\Tips & Tricks\virus removal logs\CFScript.txt
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point

    FILE ::
    "C:\Windows\system32\3ef99b402a2af762a8f33445e8ae1013.szcpf"


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\Program Files\AIM Toolbar
    C:\Program Files\AIM Toolbar\aimtb.dll
    C:\Program Files\AIM Toolbar\aimtbServer.exe
    C:\Program Files\AIM Toolbar\aimtbServerPS.dll
    C:\Program Files\AIM Toolbar\install.log
    C:\Program Files\AIM Toolbar\uninstall.exe
    C:\Program Files\AIM Toolbar\xprt6.dll
    C:\Program Files\AIM
    C:\Program Files\AIM\acccore.dll
    C:\Program Files\AIM\aim.bin
    C:\Program Files\AIM\aim.exe
    C:\Program Files\AIM\config.xml
    C:\Program Files\AIM\content.aba
    C:\Program Files\AIM\coolcore61.dll
    C:\Program Files\AIM\defaults.xml
    C:\Program Files\AIM\en-us.aba
    C:\Program Files\AIM\install.log
    C:\Program Files\AIM\isAim.dll
    C:\Program Files\AIM\jga0tlk.dll
    C:\Program Files\AIM\jga1tlk.dll
    C:\Program Files\AIM\jgattlk.dll
    C:\Program Files\AIM\jgedtlk.dll
    C:\Program Files\AIM\jgs2tlk.dll
    C:\Program Files\AIM\jgs3tlk.dll
    C:\Program Files\AIM\jgs6tlk.dll
    C:\Program Files\AIM\jgs7tlk.dll
    C:\Program Files\AIM\jgsetlk.dll
    C:\Program Files\AIM\jgtktlk.dll
    C:\Program Files\AIM\Microsoft.VC90.CRT.manifest
    C:\Program Files\AIM\migrator.exe
    C:\Program Files\AIM\msvcp90.dll
    C:\Program Files\AIM\msvcr90.dll
    C:\Program Files\AIM\nspr4.dll
    C:\Program Files\AIM\nss3.dll
    C:\Program Files\AIM\nssckbi.dll
    C:\Program Files\AIM\pb_videoconf.dll
    C:\Program Files\AIM\plc4.dll
    C:\Program Files\AIM\plds4.dll
    C:\Program Files\AIM\post.ini
    C:\Program Files\AIM\rbm.exe
    C:\Program Files\AIM\services\imApp\aim_en-US.ico
    C:\Program Files\AIM\services\imApp\ver7_5_11_9\html\Emoticals_bitmap.swf
    C:\Program Files\AIM\services\imApp\ver7_5_11_9\resources\en-US\AIMHelp.chm
    C:\Program Files\AIM\services\imApp\ver7_5_11_9\resources\en-US\buddyin.wav
    C:\Program Files\AIM\services\imApp\ver7_5_11_9\resources\en-US\buddyout.wav
    C:\Program Files\AIM\services\imApp\ver7_5_11_9\resources\en-US\cashregister.wav
    C:\Program Files\AIM\services\imApp\ver7_5_11_9\resources\en-US\dooropen.wav
    C:\Program Files\AIM\services\imApp\ver7_5_11_9\resources\en-US\doorslam.wav
    C:\Program Files\AIM\services\imApp\ver7_5_11_9\resources\en-US\imrcv.wav
    C:\Program Files\AIM\services\imApp\ver7_5_11_9\resources\en-US\imsend.wav
    C:\Program Files\AIM\services\imApp\ver7_5_11_9\resources\en-US\IncomingCall.mp3
    C:\Program Files\AIM\services\imApp\ver7_5_11_9\resources\en-US\jumplist_bullet.ico
    C:\Program Files\AIM\services\imApp\ver7_5_11_9\resources\en-US\logoFolder.ico
    C:\Program Files\AIM\services\imApp\ver7_5_11_9\resources\en-US\moo.wav
    C:\Program Files\AIM\services\imApp\ver7_5_11_9\resources\en-US\newalert.wav
    C:\Program Files\AIM\services\imApp\ver7_5_11_9\resources\en-US\newmail.wav
    C:\Program Files\AIM\services\imApp\ver7_5_11_9\resources\en-US\panelchange1.wav
    C:\Program Files\AIM\services\imApp\ver7_5_11_9\resources\en-US\phone.wav
    C:\Program Files\AIM\services\imApp\ver7_5_11_9\resources\en-US\PhoneRingInternal.mp3
    C:\Program Files\AIM\services\imApp\ver7_5_11_9\resources\en-US\ring.wav
    C:\Program Files\AIM\services\imApp\ver7_5_11_9\resources\en-US\talkbeg.wav
    C:\Program Files\AIM\services\imApp\ver7_5_11_9\resources\en-US\talkend.wav
    C:\Program Files\AIM\services\imApp\ver7_5_11_9\resources\en-US\talkstop.wav
    C:\Program Files\AIM\services\imApp\ver7_5_11_9\resources\en-US\themes.xml
    C:\Program Files\AIM\services\imApp\ver7_5_11_9\resources\en-US\tips.xml
    C:\Program Files\AIM\sipXmediaLib.dll
    C:\Program Files\AIM\sipXtapi.dll
    C:\Program Files\AIM\smime3.dll
    C:\Program Files\AIM\softokn3.dll
    C:\Program Files\AIM\ssl3.dll
    C:\Program Files\AIM\uninst.exe
    C:\Program Files\AIM\xprt6.dll
    C:\ProgramData\AIM Toolbar
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\aimtb.cfg
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\aimtbres.dll
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\buttons\defaultButtons.xml
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\rss\bullet.gif
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\rss\qap.js
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\rss\rss.css
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\rss\rss.htm
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\rss\rss.js
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\00.gif
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\01.gif
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\02.gif
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\03.gif
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\04.gif
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\05.gif
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\06.gif
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\07.gif
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\08.gif
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\09.gif
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\about.htm
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\addbuddybutton.htm
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\addcustombutton.htm
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\ani_media_icon.gif
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\blocker.js
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\blue_input_down_0.gif
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\blue_input_down_1.gif
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\blue_input_down_2.gif
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\blue_input_normal_0.gif
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\blue_input_normal_1.gif
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\blue_input_normal_2.gif
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\blue_input_over_0.gif
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\blue_input_over_1.gif
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\blue_input_over_2.gif
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\branding.js
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\buddy.js
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\button_movedowndisabled.gif
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\button_movedowndown.gif
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\button_movedownover.gif
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\button_movedownup.gif
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\button_moveupdisabled.gif
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\button_moveupdown.gif
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\button_moveupover.gif
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\button_moveupup.gif
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\button_nextdown.gif
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\button_nextover.gif
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\button_nextup.gif
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\button_prevdown.gif
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\button_prevover.gif
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\button_prevup.gif
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\buttonManager.js
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\buttons.js
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\buttons_frame.htm
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\clearprints.js
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\clearprints_confirm.htm
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\custombutton.js
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\customize_icon.gif
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\defaultsearch.htm
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\disabled_input_0.gif
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\disabled_input_1.gif
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\disabled_input_2.gif
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\dot.gif
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\dropcustombutton.htm
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\firsttimepage.htm
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\footprints.js
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\footprints_frame.htm
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\general_icon.gif
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\green_input_down_0.gif
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\green_input_down_1.gif
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\green_input_down_2.gif
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\green_input_normal_0.gif
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\green_input_normal_1.gif
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\green_input_normal_2.gif
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\green_input_over_0.gif
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\green_input_over_1.gif
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\green_input_over_2.gif
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\latest.htm
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\metrics.js
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\olderversion.htm
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\options.js
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\options_frame.htm
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\pan_bottom_left.gif
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\pan_bottom_right.gif
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\pan_bottom_tile.gif
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\pan_left_tile.gif
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\pan_right_tile.gif
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\pan_top_left.gif
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\pan_top_left_bot.gif
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\pan_top_left_large.gif
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\pan_top_right.gif
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\pan_top_right_bot.gif
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\pan_top_right_large.gif
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\pan_top_tile.gif
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\popup_icon.gif
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\popups_frame.htm
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\popups_icon.gif
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\preferences.htm
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\preferences.js
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\privacy_icon.gif
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\renamecustombutton.htm
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\resettoolbar.htm
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\search.js
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\search_frame.htm
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\search_icon.gif
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\SettingTabActive.gif
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\SettingTabNormal.gif
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\SettingTabOver.gif
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\sidebar_bg.gif
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\sidebar_bottom.gif
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\sidebar_left.gif
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\sidebar_top.gif
    C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\ui\stylesheet.css
    C:\ProgramData\AIM
    C:\ProgramData\AIM\Settings\migrator.xml
    C:\Users\Charles McGehee\AppData\Local\AIM
    C:\Users\Charles McGehee\AppData\Local\AIM\aimx.bin
    C:\Users\Charles McGehee\AppData\Local\AIM\Settings\global.xml
    C:\Users\Charles McGehee\AppData\Local\AIM\Settings\seanjmcgehee\settings.xml
    C:\Users\Default\AppData\Local\temp
    C:\Users\RA Media Server\AppData\Local\temp
    C:\Windows\system32\config\systemprofile\AppData\Local\temp

    ---- Previous Run -------

    C:\Program Files\Search Toolbar
    C:\Program Files\Search Toolbar\icon.ico
    C:\Program Files\Search Toolbar\SearchToolbarUninstall.exe
    C:\Users\Charles McGehee\AppData\Local\assembly\tmp
    C:\Users\Charles McGehee\AppData\Roaming\DataSafeDotNet.exe
    C:\Users\Charles McGehee\AppData\Roaming\EurekaLog
    C:\Users\Charles McGehee\AppData\Roaming\EurekaLog\EurekaLog.ini
    C:\Users\Charles McGehee\AppData\Roaming\Microsoft\Windows\Recent\Protect Videos & Other Files On Amazon - S3FlowShield offers true protection for your videos and other files stored on Amazon S3. Includes a custom Flash.url
    C:\Users\Charles McGehee\g2mdlhlpx.exe
    C:\Users\Charles McGehee\GoToAssistDownloadHelper.exe
    C:\Windows\system32\~GLH000a.TMP
    C:\Windows\system32\~GLH000b.TMP
    C:\Windows\system32\drivers\etc\hosts.txt


    ((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-30 )))))))))))))))))))))))))))))))


    2012-01-30 04:16:19 . 2012-01-30 04:16:19 -------- d-----w- C:\Program Files\Common Files\Java
    2012-01-30 04:15:55 . 2012-01-30 04:15:21 472808 ----a-w- C:\Windows\system32\deployJava1.dll
    2012-01-30 03:38:37 . 2012-01-30 03:38:37 -------- d-----w- C:\_OTM
    2012-01-29 18:44:46 . 2012-01-29 18:44:46 -------- d-----w- C:\Program Files\SpeedPPC
    2012-01-29 18:44:44 . 2012-01-30 00:18:56 -------- d-----w- C:\Users\Charles McGehee\AppData\Roaming\SpeedPPC4
    2012-01-29 16:13:42 . 2012-01-29 16:13:42 -------- d-----w- C:\ProgramData\FLEXnet
    2012-01-29 15:27:09 . 2012-01-29 15:35:40 -------- d-----w- C:\Users\Charles McGehee\AdobeLicensingFilesBackup
    2012-01-29 03:06:30 . 2012-01-29 03:17:51 -------- d-----w- C:\Program Files\1ClickDownload
    2012-01-29 01:28:02 . 2012-01-29 01:28:02 3584 ----a-r- C:\Users\Charles McGehee\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
    2012-01-29 01:28:02 . 2012-01-29 01:28:02 -------- d-----w- C:\Program Files\Windows Installer Clean Up
    2012-01-28 23:26:31 . 2012-01-29 05:04:58 -------- d-----w- C:\AdobeTemp
    2012-01-28 22:46:18 . 2012-01-28 22:46:18 -------- d-----w- C:\MoTemp
    2012-01-28 22:45:07 . 2012-01-28 22:45:07 -------- d-----w- C:\Users\Charles McGehee\AppData\Roaming\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
    2012-01-28 22:29:51 . 2012-01-28 22:29:51 -------- d-----w- C:\Users\Charles McGehee\AppData\Roaming\com.adobe.dmp.contentviewer
    2012-01-28 17:58:57 . 2012-01-28 17:59:03 -------- d-----w- C:\Users\Charles McGehee\AppData\Local\Ilivid Player
    2012-01-28 17:55:09 . 2012-01-28 19:51:59 -------- d-----w- C:\Program Files\iLivid
    2012-01-28 00:15:49 . 2012-01-28 00:15:49 -------- d-----w- C:\Program Files\ESET
    2012-01-27 18:04:57 . 2011-12-10 21:24:06 20464 ----a-w- C:\Windows\system32\drivers\mbam.sys
    2012-01-27 18:04:55 . 2012-01-27 18:05:28 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
    2012-01-26 16:52:26 . 2012-01-26 16:52:27 -------- d-----w- C:\Program Files\Muse
    2012-01-21 05:40:30 . 2012-01-21 06:27:12 -------- d-----w- C:\Program Files\RSS Submit
    2012-01-13 01:21:29 . 2011-11-16 16:23:05 278528 ----a-w- C:\Windows\system32\schannel.dll
    2012-01-13 01:21:16 . 2011-11-17 06:48:37 440192 ----a-w- C:\Windows\system32\drivers\ksecdd.sys
    2012-01-13 01:21:01 . 2011-11-16 16:21:57 1259008 ----a-w- C:\Windows\system32\lsasrv.dll
    2012-01-13 01:20:53 . 2011-11-16 16:23:44 377344 ----a-w- C:\Windows\system32\winhttp.dll
    2012-01-13 01:20:35 . 2011-11-16 16:23:08 72704 ----a-w- C:\Windows\system32\secur32.dll
    2012-01-13 01:20:23 . 2011-11-16 14:12:25 9728 ----a-w- C:\Windows\system32\lsass.exe
    2012-01-11 13:48:51 . 2011-10-14 16:03:25 189952 ----a-w- C:\Windows\system32\winmm.dll
    2012-01-11 13:48:38 . 2011-10-14 16:00:23 23552 ----a-w- C:\Windows\system32\mciseq.dll
    2012-01-11 13:48:10 . 2011-11-18 20:23:34 1205064 ----a-w- C:\Windows\system32\ntdll.dll
    2012-01-11 13:47:54 . 2011-11-18 17:47:03 66560 ----a-w- C:\Windows\system32\packager.dll
    2012-01-11 13:47:38 . 2011-11-25 15:59:48 376320 ----a-w- C:\Windows\system32\winsrv.dll
    2012-01-11 13:47:29 . 2011-12-01 15:21:18 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
    2012-01-11 13:47:07 . 2011-10-25 15:58:55 1314816 ----a-w- C:\Windows\system32\quartz.dll
    2012-01-11 13:46:54 . 2011-10-25 15:58:54 497152 ----a-w- C:\Windows\system32\qdvd.dll
    2012-01-02 04:50:54 . 2012-01-02 04:50:54 43992 ----a-w- C:\Program Files\Mozilla Firefox\mozutils.dll
    2012-01-02 04:50:53 . 2012-01-02 04:50:53 626688 ----a-w- C:\Program Files\Mozilla Firefox\msvcr80.dll
    2012-01-02 04:50:53 . 2012-01-02 04:50:53 548864 ----a-w- C:\Program Files\Mozilla Firefox\msvcp80.dll
    2012-01-02 04:50:53 . 2012-01-02 04:50:53 479232 ----a-w- C:\Program Files\Mozilla Firefox\msvcm80.dll
    2011-12-31 12:37:20 . 2011-12-31 12:39:40 -------- d-----w- C:\Users\Charles McGehee\AppData\Roaming\acccore
    2011-12-31 12:37:09 . 2011-12-31 12:37:09 -------- d-----w- C:\Users\Charles McGehee\AppData\Local\AOL
    2011-12-31 12:36:46 . 2011-12-31 12:36:46 -------- d-----w- C:\Program Files\Common Files\Software Update Utility
    2011-12-31 12:36:06 . 2011-12-31 12:36:06 -------- d-----w- C:\Program Files\Common Files\AOL
    .


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2011-12-30 02:17:35 . 2011-12-30 02:17:35 677136 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2011-12-02 20:15:45 . 2011-05-13 11:43:38 414368 ----a-w- C:\Windows\system32\FlashPlayerCPLApp.cpl
    2011-11-23 13:37:27 . 2011-12-15 01:24:50 2043904 ----a-w- C:\Windows\system32\win32k.sys
    2011-11-08 14:42:19 . 2011-12-15 01:24:34 2048 ----a-w- C:\Windows\system32\tzres.dll
    2011-11-04 12:10:43 . 2011-11-04 12:10:43 388096 ----a-r- C:\Users\Charles McGehee\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-11-04 10:00:38 . 2011-11-04 10:00:38 348160 ----a-w- C:\Windows\system32\3ef99b402a2af762a8f33445e8ae1013.szcpf
    2011-11-04 04:23:03 . 2008-12-25 20:51:44 348160 ----a-w- C:\Windows\system32\msvcr71.dll
    2011-11-03 22:47:42 . 2011-12-15 09:05:59 1798144 ----a-w- C:\Windows\system32\jscript9.dll
    2011-11-03 22:40:21 . 2011-12-15 09:05:56 1427456 ----a-w- C:\Windows\system32\inetcpl.cpl
    2011-11-03 22:39:47 . 2011-12-15 09:06:00 1127424 ----a-w- C:\Windows\system32\wininet.dll
    2011-11-03 22:31:57 . 2011-12-15 09:06:01 2382848 ----a-w- C:\Windows\system32\mshtml.tlb
    2012-01-02 04:50:53 . 2011-11-06 12:21:05 121816 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 02:25:11 125952]
    "AdobeBridge"="" [BU]
    "Adobe Acrobat Synchronizer"="C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" [2011-09-05 17:05:08 1240992]
    "Starfield Updater"="C:\Program Files\Workspace\workspaceupdate.exe" [2011-11-21 23:25:13 34496]
    "wben"="C:\Program Files\Workspace\wben.exe" [2011-12-21 14:34:28 368368]
    "ogcsn"="C:\Program Files\Workspace\outsync.exe" [2012-01-20 20:45:52 702448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2008-07-17 12:00:18 196608]
    "Broadcom Wireless Manager UI"="C:\Windows\system32\WLTRAY.exe" [2008-08-05 12:17:20 3563520]
    "PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2008-01-14 16:13:02 132392]
    "Act.Outlook.Service"="C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe" [2008-02-22 00:39:50 9728]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 22:58:10 37296]
    "Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 07:37:53 843712]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2010-11-29 22:38:18 421888]
    "mcui_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2011-11-22 23:18:26 1318816]
    "Adobe Acrobat Speed Launcher"="C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-05 17:04:58 36760]
    "Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-05 17:04:58 2904984]
    "AdobeAAMUpdater-1.0"="C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 22:42:18 499608]
    "SwitchBoard"="C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 18:37:14 517096]
    "AdobeCS5.5ServiceManager"="C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 12:08:56 1523360]
    "BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 19:54:26 91520]
    "APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 12:22:28 59240]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2011-10-09 23:06:40 421736]
    "IgfxTray"="C:\Windows\system32\igfxtray.exe" [2011-02-12 01:26:32 137752]
    "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2011-02-12 01:26:26 171032]
    "Persistence"="C:\Windows\system32\igfxpers.exe" [2011-02-12 01:26:30 172568]
    "Malwarebytes' Anti-Malware"="C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 23:50:18 460872]
    "AdobeCS4ServiceManager"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2009-06-08 12:52:50 611712]
    "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 19:06:06 254696]

    C:\Users\Charles McGehee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - C:\Program Files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe [2008-7-9 1616976]

    C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - C:\Program Files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    2008-12-25 20:56:45 10536 ----a-w- C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    S2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\aestsrv.exe [2008-07-17 10:22:56 73728]


    --- Other Services/Drivers In Memory ---

    *Deregistered* - mfeavfk01

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]
    2011-07-05 16:26:04 435976 ----a-w- C:\Program Files\SFT\GuardedID\GIDI.exe

    Contents of the 'Scheduled Tasks' folder

    2012-01-30 C:\Windows\Tasks\Free File Viewer Update Checker.job
    - C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe [2011-01-06 19:13:33 . 2011-02-05 21:50:30]


    ------- Supplementary Scan -------

    uStart Page = hxxp://google.com/
    uInternet Settings,ProxyOverride = *.local;<local>
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.1.1
    DPF: Web-Based Email Tools - hxxp://email06.secureserver.net/Download.CAB
    FF - ProfilePath - C:\Users\Charles McGehee\AppData\Roaming\Mozilla\Firefox\Profiles\iad8cnbd.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=20111231123641249&tb_oid=31-12-2011&tb_mrud=31-12-2011
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://google.com
    FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&tb_uuid=20111231123641249&tb_oid=31-12-2011&tb_mrud=31-12-2011&query=
    FF - prefs.js: network.proxy.ftp_port - 90
    FF - prefs.js: network.proxy.gopher_port - 90
    FF - prefs.js: network.proxy.http_port - 90
    FF - prefs.js: network.proxy.socks_port - 90
    FF - prefs.js: network.proxy.ssl_port - 90
    FF - prefs.js: network.proxy.type - 0
    FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
    FF - user.js: browser.sessionstore.resume_from_crash - false

    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-Aim - C:\Program Files\AIM\aim.exe
    AddRemove-AIM Toolbar - C:\Program Files\AIM Toolbar\uninstall.exe
    AddRemove-AIM_7 - C:\Program Files\AIM\uninst.exe


    I uninstalled HijackThis and reinstalled it in a new folder located in the C directory.

    HijackThis Log

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:24:57 PM, on 1/29/2012
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\DellTPad\Apoint.exe
    C:\Windows\System32\WLTRAY.EXE
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Dell\DellDock\DellDock.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Workspace\workspaceupdate.exe
    C:\Program Files\Workspace\wben.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Hijack This\HijackThis.exe
    C:\Windows\system32\SearchFilterHost.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: AOL Messaging Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (file missing)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111220184827.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
    O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
    O4 - HKLM\..\Run: [Act.Outlook.Service] "C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Adobe Acrobat Synchronizer] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe"
    O4 - HKCU\..\Run: [Starfield Updater] "C:\Program Files\Workspace\workspaceupdate.exe"
    O4 - HKCU\..\Run: [Aim] "C:\Program Files\AIM\aim.exe" /d locale=en-US
    O4 - HKCU\..\Run: [wben] "C:\Program Files\Workspace\wben.exe"
    O4 - .DEFAULT User Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
    O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
    O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
    O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: Web-Based Email Tools - http://email06.secureserver.net/Download.CAB
    O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Device Detection) - http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\mcsniepl.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\aestsrv.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
    O23 - Service: File Backup Service (File Backup) - Starfield Technologies - C:\Program Files\Workspace\offSyncService.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
    O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\program files\common files\protexis\license service\psiservice_2.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\STacSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

    --
    End of file - 12741 bytes

    Thank you for all of your expertise and patience, you're doing an awesome job and I really appreciate you.

    Sean