TechSpot

Search engine redirect with any browser, can't run iTunes

By Gardengirl
Sep 11, 2011
  1. Spontaneous closing of programs, USB ports don't appear to be communicating with PC.

    Windows 7 OS, 64 bit. Husbands PC appears to have a virus/malware. Trying not to be chatty, and offering as much info as possible.


    Thank you for any help you can provide, we really do appreciate your time and effort. I cannot run Gmer, I can open it, but the program will not run. Also, I can shutdown my McAfee firewall, but I don't see any option to shut down the Anti-virs feature. :(

    Hijack This log:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:25:07 AM, on 9/10/2011
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.charter.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110820191210.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O4 - HKLM\..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
    O4 - HKLM\..\Run: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
    O4 - HKLM\..\Run: [SPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
    O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files (x86)\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
    O4 - HKLM\..\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" -s
    O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
    O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
    O4 - Startup: DESKTOP (1).INI
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files (x86)\Seagate\Basics\Service\SyncServicesBasics.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
    O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
    O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
    O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
    O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: RoxMediaDB10 - Sonic Solutions - c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: SessionLauncher - Unknown owner - c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 13938 bytes

    DDS:
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
    Run by John at 11:09:57 on 2011-09-10
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8183.5855 [GMT -5:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\WLANExt.exe
    C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
    C:\Windows\system32\conhost.exe
    C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Seagate\Basics\Service\SyncServicesBasics.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Windows\System32\svchost.exe -k LPDService
    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    C:\Windows\system32\mfevtps.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Dell\DellDock\DellDock.exe
    C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
    C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\DllHost.exe
    C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
    C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
    C:\Program Files (x86)\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
    C:\Program Files (x86)\real\realplayer\Update\realsched.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\ActiveXReplacer.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\System32\vds.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\REGSVR32.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uDefault_Page_URL = hxxp://www.dell4me.com/myway
    uSearch Page = hxxp://www.google.com
    uStart Page = hxxp://www.charter.com/
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    mWinlogon: Userinit=userinit.exe,
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110820191210.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" -s
    mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
    mRun: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
    mRun: [SPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
    mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
    mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    mRun: [basicsmssmenu] "C:\Program Files (x86)\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
    mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    StartupFolder: C:\Users\John\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
    StartupFolder: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DESKTOP (1).INI
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    Trusted Zone: intuit.com\ttlc
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    TCP: DhcpNameServer = 68.115.71.53 68.113.206.10 66.189.0.100
    TCP: Interfaces\{2D5229B0-32AC-4AE5-B90B-4BDD08F98A9B} : DhcpNameServer = 68.115.71.53 68.113.206.10 66.189.0.100
    TCP: Interfaces\{2D5229B0-32AC-4AE5-B90B-4BDD08F98A9B}\C416277656F416B6 : DhcpNameServer = 68.115.71.53 24.213.60.93 24.196.64.53
    TCP: Interfaces\{BE191291-7F7F-46E0-8F14-FF7FC12BCB5F} : DhcpNameServer = 192.168.2.1
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
    BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    BHO-X64: 0x1 - No File
    BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO-X64: HP Print Enhancer - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO-X64: Search Helper - No File
    BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110820191210.dll
    BHO-X64: scriptproxy - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    BHO-X64: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
    BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    BHO-X64: HP Smart BHO Class - No File
    TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
    mRun-x64: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
    mRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
    mRun-x64: [SPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
    mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun-x64: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
    mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    mRun-x64: [basicsmssmenu] "C:\Program Files (x86)\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
    mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\otrq0ydx.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
    FF - prefs.js: browser.search.selectedEngine - Secure Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
    FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin8.dll
    FF - plugin: C:\Program Files (x86)\Opera\program\plugins\npMozCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\Opera\program\plugins\npqtplugin8.dll
    FF - plugin: C:\Program Files (x86)\QuickTime\Plugins\npqtplugin8.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
    R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-5-30 249936]
    R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-5-30 249936]
    R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-5-30 249936]
    R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-5-30 249936]
    R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2010-12-30 197960]
    R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2010-12-30 208272]
    R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
    R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2010-8-24 92008]
    R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
    R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
    R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
    R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
    R3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]
    R3 t3;Sound Blaster X-Fi Xtreme Audio;C:\Windows\system32\drivers\t3.sys --> C:\Windows\system32\drivers\t3.sys [?]
    R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-1 135664]
    S2 SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
    S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2009-12-18 79360]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-12-18 79360]
    S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2010-1-9 25832]
    S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-1 135664]
    S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-5-30 249936]
    .
    =============== Created Last 30 ================
    .
    2011-09-10 14:55:52 388096 ----a-r- C:\Users\John\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-09-10 14:55:50 -------- d-----w- C:\Program Files (x86)\Trend Micro
    2011-09-10 01:50:08 -------- d-----w- C:\Program Files\iPod
    2011-09-10 01:50:07 -------- d-----w- C:\Program Files\iTunes
    2011-09-10 01:50:07 -------- d-----w- C:\Program Files (x86)\iTunes
    2011-09-09 21:40:14 8199504 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2011-09-09 21:40:12 8862544 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F5969076-020C-4A92-83FD-B593BF5B34EE}\mpengine.dll
    2011-09-04 17:11:53 -------- d-----w- C:\Program Files (x86)\Emsisoft Anti-Malware
    2011-08-23 19:49:02 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2011-08-23 19:49:02 2048 ----a-w- C:\Windows\System32\tzres.dll
    2011-08-21 00:12:10 24376 ----a-w- C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll
    2011-08-16 00:45:22 -------- d-----w- C:\Program Files\Microsoft IntelliPoint
    .
    ==================== Find3M ====================
    .
    2011-08-24 21:41:24 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-08-01 20:59:06 45416 ----a-w- C:\Windows\System32\drivers\point64.sys
    2011-08-01 20:59:06 1721576 ----a-w- C:\Windows\System32\wdfcoinstaller01009.dll
    2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll
    2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll
    2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2011-07-12 16:34:00 96104 ----a-w- C:\Windows\System32\dns-sd.exe
    2011-07-12 16:34:00 85864 ----a-w- C:\Windows\System32\dnssd.dll
    2011-07-12 16:20:54 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe
    2011-07-12 16:20:54 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll
    2011-07-09 02:46:28 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
    2011-07-07 00:52:42 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-07-05 23:37:00 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2011-07-05 23:37:00 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    2011-07-01 18:13:53 175616 ----a-w- C:\Windows\System32\msclmd.dll
    2011-07-01 18:13:53 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
    2011-06-24 05:34:53 214528 ----a-w- C:\Windows\System32\winsrv.dll
    2011-06-24 05:25:49 338432 ----a-w- C:\Windows\System32\conhost.exe
    2011-06-23 05:43:12 5561216 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2011-06-23 04:33:57 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2011-06-23 04:33:57 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2011-06-21 06:34:00 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2011-06-15 10:02:23 212992 ----a-w- C:\Windows\System32\odbctrac.dll
    2011-06-15 10:02:23 163840 ----a-w- C:\Windows\System32\odbccp32.dll
    2011-06-15 10:02:23 106496 ----a-w- C:\Windows\System32\odbccu32.dll
    2011-06-15 10:02:23 106496 ----a-w- C:\Windows\System32\odbccr32.dll
    2011-06-15 08:55:19 86016 ----a-w- C:\Windows\SysWow64\odbccu32.dll
    2011-06-15 08:55:19 81920 ----a-w- C:\Windows\SysWow64\odbccr32.dll
    2011-06-15 08:55:19 319488 ----a-w- C:\Windows\SysWow64\odbcjt32.dll
    2011-06-15 08:55:19 163840 ----a-w- C:\Windows\SysWow64\odbctrac.dll
    2011-06-15 08:55:19 122880 ----a-w- C:\Windows\SysWow64\odbccp32.dll
    .
    ============= FINISH: 11:19:03.55 ===============
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Welcome to TechSpot! I'll help sort rhe problems out.

    We don't use HijackThis to 'screen' for malware. And there is more included in this: Please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    There is a second log from DDS named Attach.txt.That is a name, not a direction. Please find that on the system and paste it into the next reply. Do not zip it.

    There is also no log from Malwarebytes
    OK to hold on GMER for now.

    Please paste these 2 logs into your next reply.
    ----------------------------------------------------
    Questions:
    1. Describe what you mean by Spontaneous closing of programs. Does system freeze? If you reboot, does the program open? Is there any message when it closes? How much RAM is installed?
    2. What are you connecting to a USB port that isn't working? Is it one Port or all? Have you checked the Device Manager for Errors?
    Control Panel> System> Hardware tab> Device Manager> Scroll down to the USB section> do you see any error [​IMG] If you do, double click on that device to open and check problem

    3. Did iTunes ever work? Is this a connection problem such as "can't find the server"? If not, what happens when you try to connect?
    ===============================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process..
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    • Please let me know if there is any change in the system.

    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persist, you can send a PM to reopen it.
    =====================================
     
  3. Gardengirl

    Gardengirl TS Rookie Topic Starter

    Bobbye, thanks so much for helping us figure out what is wrong with my husbands PC.

    I felt sure I read Hijack This instead of Malware Bytes, we have both and currently running Malware Bytes for you right now. I do apologize.

    Question 1. Programs would just close, system did not freeze up. Firefox, IE & iTunes
    were the programs that spontaneously closed. Several times, we would see a message, or messages flash on the screen, but they appeared for less than a second and were gone. 8MB Ram.

    2. iPod, back-up drive and jump drive would not work. 2 ports located on top of the tower were not working, but several ports located at the back are working). Today, we were able to connect the jump drive to the ports on top of the tower and the back-up drive, but did not recognize the iPod.
    There are no error icons in the USB section of device manager.

    3. iTunes has always worked, never had an issue. This computer never had a problem running anything until our daughter used it last Tuesday. Before we contacted Techspot, we uninstalled and reinstalled iTunes several times. It is not a connection issue. iTunes doesn't always open, it doesn't recognize the iPod. Sometimes 20 minutes will pass, and iTunes will open, so there is probably some sort of lag problem? When we disconnect the iPod from the USB port, it shows in My Computer as being connected when the iPod is actually NOT connected-more lag? I will post the DDS attach log and be back with the Malware Bytes log as soon as MB is finished. Thanks so much!

    The DDS Attach log:
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 12/29/2009 6:50:24 PM
    System Uptime: 9/10/2011 10:43:11 AM (1 hours ago)
    .
    Motherboard: Dell Inc. | | 0X231R
    Processor: Intel(R) Core(TM) i7 CPU 860 @ 2.80GHz | CPU 1 | 2793/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 917 GiB total, 786.99 GiB free.
    D: is CDROM ()
    E: is Removable
    F: is Removable
    G: is Removable
    H: is Removable
    J: is Removable
    K: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: Photosmart Premium C309g-m
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: HP
    Name: Photosmart Premium C309g-m
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:
    .
    Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Description: Photosmart Premium C309g-m
    Device ID: ROOT\IMAGE\0000
    Manufacturer: HP
    Name: Photosmart Premium C309g-m
    PNP Device ID: ROOT\IMAGE\0000
    Service: StillCam
    .
    ==== System Restore Points ===================
    .
    RP148: 8/24/2011 3:00:12 AM - Windows Update
    RP149: 8/31/2011 5:49:45 PM - Scheduled Checkpoint
    RP154: 9/7/2011 6:15:44 PM - Removed TurboTax 2009 wwiiper
    RP155: 9/7/2011 6:25:32 PM - Removed iSEEK AnswerWorks English Runtime
    RP156: 9/7/2011 6:26:49 PM - Removed TurboTax 2009 WinPerTaxSupport
    RP157: 9/7/2011 6:28:08 PM - Removed TurboTax 2009 WinPerFedFormset
    RP158: 9/7/2011 6:28:57 PM - Removed TurboTax 2009 WinPerReleaseEngine
    RP159: 9/7/2011 6:30:26 PM - Removed TurboTax 2009 wrapper
    RP162: 9/7/2011 7:58:29 PM - Removed iTunes
    RP164: 9/8/2011 3:00:34 AM - Windows Update
    RP169: 9/8/2011 6:39:16 PM - Installed iTunes
    RP174: 9/9/2011 8:44:27 PM - Installed iTunes
    RP175: 9/10/2011 9:47:46 AM - Installed HiJackThis
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.1.2
    Apple Application Support
    Apple Software Update
    Avery Wizard 3.1
    Bing Bar
    BufferChm
    C309g-m
    Cisco Connect
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Consumer In-Home Service Agreement
    Coupon Printer for Windows
    Creative Audio Control Panel
    Creative Software AutoUpdate
    Dell DataSafe Online
    Dell Getting Started Guide
    Destinations
    DeviceDiscovery
    DirectXInstallService
    Dragon Age: Origins
    Drive Manager
    EMC 10 Content
    Google Chrome
    Google Update Helper
    GPBaseService2
    HiJackThis
    Host OpenAL
    HP Update
    HPDiagnosticAlert
    HPPhotoGadget
    hpPrintProjects
    HPProductAssistant
    HPSSupply
    hpWLPGInstaller
    Java Auto Updater
    Java(TM) 6 Update 26
    Junk Mail filter update
    Malwarebytes' Anti-Malware version 1.51.1.1800
    MarketResearch
    McAfee AntiVirus Plus
    Microsoft Digital Image Library 9
    Microsoft Digital Image Pro 9
    Microsoft Money 2004
    Microsoft Money 2004 System Pack
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Mozilla Firefox 6.0.2 (x86 en-US)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Multimedia Card Reader
    NVIDIA PhysX
    Opera 10.10
    PhotoScape
    PowerDVD DX
    PS_AIO_06_C309g-m_SW_Min
    QuickTime
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    RealUpgrade 1.1
    Roxio Activation Module
    Roxio BackOnTrack
    Roxio Central Audio
    Roxio Central Copy
    Roxio Central Core
    Roxio Central Data
    Roxio Central Tools
    Roxio Easy CD and DVD Burning
    Roxio Express Labeler 3
    Roxio Update Manager
    Safari
    Scan
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2509488)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft Office 2007 System (KB2541012)
    Security Update for Microsoft Office Excel 2007 (KB2541007)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    SmartWebPrinting
    SolutionCenter
    Sonic CinePlayer Decoder Pack
    Sound Blaster X-Fi
    Status
    TaxCut Premium + State + Efile 2008
    TomTom HOME 2.7.6.2056
    TomTom HOME Visual Studio Merge Modules
    Toolbox
    TrayApp
    TurboTax 2010
    TurboTax 2010 WinPerFedFormset
    TurboTax 2010 WinPerReleaseEngine
    TurboTax 2010 WinPerTaxSupport
    TurboTax 2010 wrapper
    TurboTax 2010 wwiiper
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    WebReg
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sync
    Windows Live Writer
    WinPatrol 2009
    Yahoo! Detect
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    9/9/2011 8:43:51 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    9/9/2011 8:38:53 PM, Error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
    9/9/2011 6:57:36 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000004, 0x0000000000000258, 0xfffffa8006d34b60, 0xfffff80000b9c510). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 090911-24866-01.
    9/8/2011 9:35:10 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR8.
    9/8/2011 3:00:22 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
    9/7/2011 8:11:51 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR6.
    9/7/2011 7:50:03 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk7\DR10.
    9/7/2011 7:19:19 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk7\DR8.
    9/7/2011 5:16:04 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000004, 0x0000000000000258, 0xfffffa8006d85b60, 0xfffff80000b9c510). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 090711-18252-01.
    9/10/2011 8:31:21 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000004, 0x0000000000000258, 0xfffffa8006db6040, 0xfffff8000488c510). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 091011-17394-01.
    9/10/2011 7:01:14 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000004, 0x0000000000000258, 0xfffffa8006d2d680, 0xfffff80000b9c510). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 091011-17144-01.
    9/10/2011 11:05:39 AM, Error: Service Control Manager [7031] - The Virtual Disk service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    9/10/2011 10:44:33 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk5\DR5.
    9/10/2011 10:44:13 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PxHelp20 RxFilter
    9/10/2011 10:44:02 AM, Error: Service Control Manager [7000] - The SessionLauncher service failed to start due to the following error: The system cannot find the file specified.
    9/10/2011 10:43:52 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000004, 0x0000000000000258, 0xfffffa8006d59040, 0xfffff80003c85510). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 091011-38235-01.
    9/10/2011 10:43:34 AM, Error: Application Popup [1060] - \SystemRoot\SysWow64\DRIVERS\PxHelp20.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    9/10/2011 10:32:35 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    9/10/2011 10:31:29 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    9/10/2011 10:31:28 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    9/10/2011 10:31:24 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    9/10/2011 10:31:23 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    9/10/2011 10:31:14 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    9/10/2011 10:30:58 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv64.dll Error Code: 21
    9/10/2011 10:30:46 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache PxHelp20 RxFilter spldr Wanarpv6
    9/10/2011 10:30:38 AM, Error: Service Control Manager [7001] - The LPD Service service depends on the Print Spooler service which failed to start because of the following error: The dependency service or group failed to start.
    9/10/2011 10:30:32 AM, Error: Service Control Manager [7001] - The Creative Audio Service service depends on the Windows Audio service which failed to start because of the following error: The dependency service or group failed to start.
     
  4. Gardengirl

    Gardengirl TS Rookie Topic Starter

    malware bytes log

    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Database version: 7689

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 9.0.8112.16421

    9/12/2011 6:27:52 PM
    mbam-log-2011-09-12 (18-27-52).txt

    Scan type: Quick scan
    Objects scanned: 257190
    Time elapsed: 5 minute(s), 18 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Check your RAM again> You wouldn't even be able to start up with only 8MB. Windows XP Home takes minimum of 512MB to run decently. System requirements for Win 7 Home premium is 2 GB RAM (64-bit)

    Also, be advised of compatibility issues:
    Related to PxHelp20.sys Px Engine Device Driver for Windows 2000/XP from Sonic Solutions
    ========================================
    There is a 'mystery' process running: From TechSpot;
    Description:
    ASIO driver for the Sound Blaster Audigy & Audigy 2 series sound card
    ========================================
    I'm thinking the 2 processes above might be related- following are installed..
    Creative Audio Control Panel
    Creative Software AutoUpdate
    Sonic CinePlayer Decoder Pack
    ======================================
    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once installed, you should see a blue screen prompt that says:
      The Recovery Console was successfully installed.
    • .Click on Yes, to continue scanning for malware
    • .If Combofix asks you to update the program, allow
    • .Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • .Close any open browsers.
    • .Double click combofix.exe[​IMG] & follow the prompts to run.
    • When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..
    Re-enable your Antivirus software.

    Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    ===============================================
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      [o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
      [o] Double click on the [​IMG]on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
      [​IMG]
    • Uncheck 'Remove found threats'
    • Check 'Scan archives/
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish

    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    ===========================================
    I think this will turn out to be either hardware or software problem rather than malware.

    Must have a correct RAM figure: Control panel> System> It should be on the screen that opens up.
     
  6. Gardengirl

    Gardengirl TS Rookie Topic Starter


    8GB of RAM, sorry, and that's what I meant to type.
    Right clicked on My Computer--->Properties.

    Is it possible it is both a hardware/software problem and malware? My husband can't use any search engine in any browser.

    At any rate, will download and run these programs tonight and get back to you, thanks so much.
     
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I thought that's what it might be, but I don't like to 'assume' But it could still be RAM related if there is a bad chip/.

    Yes- it can be either one of these or a combination. The search redirect will be a malware issue.

    Post the logs when ready.
     
  8. Gardengirl

    Gardengirl TS Rookie Topic Starter

    Bobbye, no malware was found with the ESet scanner, no log was produced.
    I also failed to mention (forgot is more like it :eek:) earlier that it takes about 15 minutes for the computer to shut down.
    Here is the Combofix log and thanks again for taking the time to help with our computer problems.

    ComboFix 11-09-13.04 - John 09/13/2011 17:46:05.1.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8183.6054 [GMT -5:00]
    Running from: c:\users\John\Downloads\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Resident AV is active
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\John\WINDOWS
    c:\windows\SysWow64\comct332.ocx
    J:\Autorun.inf
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-08-13 to 2011-09-13 )))))))))))))))))))))))))))))))
    .
    .
    2011-09-13 23:21 . 2011-09-13 23:21 -------- d-----w- c:\users\Paula\AppData\Local\temp
    2011-09-13 23:21 . 2011-09-13 23:21 -------- d-----w- c:\users\Paula \AppData\Local\temp
    2011-09-13 23:21 . 2011-09-13 23:21 -------- d-----w- c:\users\Missy\AppData\Local\temp
    2011-09-13 23:21 . 2011-09-13 23:21 -------- d-----w- c:\users\Missy \AppData\Local\temp
    2011-09-13 23:21 . 2011-09-13 23:21 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-09-13 11:39 . 2011-08-16 13:48 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0B77D055-575D-4198-B0F0-30BC2ACCC15A}\mpengine.dll
    2011-09-10 14:55 . 2011-09-10 14:55 388096 ----a-r- c:\users\John\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-09-10 14:55 . 2011-09-10 14:55 -------- d-----w- c:\program files (x86)\Trend Micro
    2011-09-10 01:50 . 2011-09-10 01:50 -------- d-----w- c:\program files\iPod
    2011-09-10 01:50 . 2011-09-10 01:50 -------- d-----w- c:\program files\iTunes
    2011-09-10 01:50 . 2011-09-10 01:50 -------- d-----w- c:\program files (x86)\iTunes
    2011-09-04 17:11 . 2011-09-10 15:30 -------- d-----w- c:\program files (x86)\Emsisoft Anti-Malware
    2011-08-23 19:49 . 2011-07-09 05:26 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-08-23 19:49 . 2011-07-09 04:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2011-08-21 00:12 . 2011-03-13 16:42 24376 ----a-w- c:\program files (x86)\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll
    2011-08-16 02:14 . 2011-08-16 02:14 -------- d-----w- c:\program files (x86)\Common Files\Java
    2011-08-16 00:45 . 2011-08-16 00:45 -------- d-----w- c:\program files\Microsoft IntelliPoint
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-08-24 21:41 . 2011-05-30 11:43 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-08-01 20:59 . 2011-08-01 20:59 45416 ----a-w- c:\windows\system32\drivers\point64.sys
    2011-08-01 20:59 . 2011-08-01 20:59 1721576 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
    2011-07-30 22:44 . 2010-02-08 01:13 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
    2011-07-30 22:44 . 2010-03-27 00:45 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
    2011-07-30 22:44 . 2011-07-30 22:44 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
    2011-07-30 22:44 . 2010-02-28 12:23 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
    2011-07-16 05:41 . 2011-08-09 21:49 362496 ----a-w- c:\windows\system32\wow64win.dll
    2011-07-16 05:41 . 2011-08-09 21:49 243200 ----a-w- c:\windows\system32\wow64.dll
    2011-07-16 05:41 . 2011-08-09 21:49 13312 ----a-w- c:\windows\system32\wow64cpu.dll
    2011-07-16 05:39 . 2011-08-09 21:49 16384 ----a-w- c:\windows\system32\ntvdm64.dll
    2011-07-16 05:37 . 2011-08-09 21:49 421888 ----a-w- c:\windows\system32\KernelBase.dll
    2011-07-16 05:21 . 2011-08-09 21:49 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-09 21:49 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-09 21:49 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-09 21:49 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-09 21:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-09 21:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-09 21:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-09 21:49 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-09 21:49 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-09 21:49 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-09 21:49 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-09 21:49 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-09 21:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-09 21:49 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-09 21:49 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-09 21:49 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-09 21:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-09 21:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-09 21:49 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-09 21:49 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-09 21:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-09 21:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-09 21:49 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-09 21:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-09 21:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-09 21:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-09 21:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-09 21:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
    2011-07-16 04:29 . 2011-08-09 21:49 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
    2011-07-16 04:26 . 2011-08-09 21:49 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2011-07-16 04:25 . 2011-08-09 21:49 25600 ----a-w- c:\windows\SysWow64\setup16.exe
    2011-07-16 04:24 . 2011-08-09 21:49 5120 ----a-w- c:\windows\SysWow64\wow32.dll
    2011-07-16 04:24 . 2011-08-09 21:49 272384 ----a-w- c:\windows\SysWow64\KernelBase.dll
    2011-07-16 04:15 . 2011-08-09 21:49 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-09 21:49 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-09 21:49 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-09 21:49 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-09 21:49 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-09 21:49 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-09 21:49 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-09 21:49 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-09 21:49 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-09 21:49 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-09 21:49 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-09 21:49 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-09 21:49 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-09 21:49 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-09 21:49 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-09 21:49 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-09 21:49 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-09 21:49 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-09 21:49 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-09 21:49 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-09 21:49 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-09 21:49 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-09 21:49 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-09 21:49 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
    2011-07-16 02:21 . 2011-08-09 21:49 7680 ----a-w- c:\windows\SysWow64\instnm.exe
    2011-07-16 02:21 . 2011-08-09 21:49 2048 ----a-w- c:\windows\SysWow64\user.exe
    2011-07-16 02:17 . 2011-08-09 21:49 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2011-07-16 02:17 . 2011-08-09 21:49 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2011-07-16 02:17 . 2011-08-09 21:49 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2011-07-16 02:17 . 2011-08-09 21:49 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2011-07-12 16:34 . 2011-07-12 16:34 96104 ----a-w- c:\windows\system32\dns-sd.exe
    2011-07-12 16:34 . 2011-07-12 16:34 85864 ----a-w- c:\windows\system32\dnssd.dll
    2011-07-12 16:20 . 2011-07-12 16:20 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
    2011-07-12 16:20 . 2011-07-12 16:20 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
    2011-07-09 02:46 . 2011-08-09 21:49 288768 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-07-07 00:52 . 2010-01-23 16:13 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-07-05 23:37 . 2011-07-05 23:37 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
    2011-07-05 23:37 . 2011-07-05 23:37 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
    2011-07-01 19:31 . 2010-06-24 16:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-07-01 18:13 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
    2011-07-01 18:13 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
    2011-06-24 05:34 . 2011-08-09 21:49 214528 ----a-w- c:\windows\system32\winsrv.dll
    2011-06-24 05:25 . 2011-08-09 21:49 338432 ----a-w- c:\windows\system32\conhost.exe
    2011-06-23 05:43 . 2011-08-09 21:48 5561216 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-06-23 04:33 . 2011-08-09 21:48 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2011-06-23 04:33 . 2011-08-09 21:48 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2011-06-21 06:34 . 2011-08-09 21:48 1923968 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-06-18 18:46 . 2010-02-08 01:13 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2011-06-18 18:46 . 2011-06-18 18:46 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2011-06-18 18:45 . 2010-02-08 01:12 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    "msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2010-08-24 247144]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2009-07-17 237568]
    "VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2009-02-03 237693]
    "SPIRunE"="SPIRunE.dll" [2009-07-27 18432]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
    "PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2009-10-10 320832]
    "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-07-13 1666144]
    "basicsmssmenu"="c:\program files (x86)\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328]
    "TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2011-06-01 273544]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-19 421736]
    .
    c:\users\Missy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
    .
    c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
    DESKTOP (1).INI [2002-9-3 84]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-01 135664]
    R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
    R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2009-12-19 79360]
    R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-12-19 79360]
    R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-01 135664]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
    R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
    R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
    S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
    S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
    S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
    S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-03-13 208272]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
    S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
    S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
    S3 t3;Sound Blaster X-Fi Xtreme Audio;c:\windows\system32\drivers\t3.sys [x]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - mfeavfk01
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-01 20:33]
    .
    2011-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-01 20:33]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-26 16327712]
    "Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.charter.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    Trusted Zone: intuit.com\ttlc
    TCP: DhcpNameServer = 68.115.71.53 68.113.206.10 66.189.0.100
    FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\otrq0ydx.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
    FF - user.js: yahoo.homepage.dontask - true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Toolbar-Locked - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Seagate\Basics\Service\SyncServicesBasics.exe
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\windows\SysWOW64\rundll32.exe
    c:\windows\SysWOW64\rundll32.exe
    c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    .
    **************************************************************************
    .
    Completion time: 2011-09-13 18:46:59 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-09-13 23:46
    .
    Pre-Run: 846,339,825,664 bytes free
    Post-Run: 845,733,867,520 bytes free
    .
    - - End Of File - - A7922989FE0AF011C2CDEE66BB74DF7A
     
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Glad to help.
    As for the slow shutdown: whatever starts on boot and runs in the background has to shut down. Occasionally an app will hang and cause the shutdown process to delay> You should be getting a message if that's happening and possibly the Task Manager will display to End Task.
    =============================
    This Deletion J:\Autorun.inf usually indicates that you have used an infected flash drive. it need to be disinfected:
    • Please download Panda USB Vaccine(you must provide valid e-mail and they will send you download link to this e-mail address) to your desktop.
    • Install and run it.
    • Plug in USB drive and click on Vaccinate USB and Vaccinate computer.
    =========================================
    I had one other Win 7 OS configured just like yours: there is a full list of all the System32 entries followed by the exact same processes for WOW64. Strangely enough, both have almost the exact same date span: 2011-07-16 04:15 . 2011-08-09 21>> other other system was 8/10. You appear not to be running in 64bit.
    I'm wondering if those dates were Windows updates with a choice of which to install.
    ========================================
    Has anything changed with the system? Redirects? iTunes?
     
  10. Gardengirl

    Gardengirl TS Rookie Topic Starter

    Well, I think you may be spot on about the corrupt flash drive and it belongs to my daughter (I mentioned her earlier). She had plugged her drive into both of our computers. I hadn't shut my PC down since my husbands computer was infected. I shut it down Wed. night, the next morning there was no start menu on my computer. Tried to get it to boot several times, only 44 out of 64 (my usual #) processes started up with the computer. I was able to access msconfig thru task mgr. and reset my computer to a day earlier. Other than that, nothing appears to be wrong with MY computer.

    However, we both downloaded and ran Panda. My husbands iPod is still not recognized on his pc, but it is on mine. Still has search engine redirects with all browsers. If we can get this fixed, then I can address the 32 bit vs 64 bit, unless that has something to do with his computer problems. Thank you, Bobbye - I know I am being repetitive, but I really do appreciate all the help you're giving us!
     
  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Where a name appears, I am seeing 'John.'
    I need to clarify this:
    We are only working on his computer- is that correct?
    Accordingly, who is getting redirected?Who can't connect to iTunes? as the System Restore done on his computer?

    If all of this is referring to John's computer, we should keep the comments to just related to his system. I only handle one system on a thread because it gets confusing- which is where am now- confused!

    The ComboFix log is dated 11-09-13.04 - John 09/13/2011 17:46:05.1.8 - x64
    Did you do the System Restore before or after this date?
    Did you do the SR on John's computer?

    And to be on the safe side, please keep your daughter and the traveling flash drive off of the computer we're working on.
     
  12. Gardengirl

    Gardengirl TS Rookie Topic Starter

    Yes, we are only working on John's computer.

    I only mentioned that I found a problem on my computer after I shut it down to corroborate your conclusion about the corrupted flash drive. She (daughter) had also plugged her drive into my computer. I was able to fix my computer by doing a sys restore.

    Before I posted to TechSpot, I tried a system restore on John's computer,the day after the infection occurred. The actual infection was 9/7. I tried system restore on 9/8, have not tried it since.The only option to restore it was to go back to 9/7, there were no other dates listed & I could not manually restore his computer to any other date, so we didn't attempt a restore.


    Johns computer has the re-directed search engines with all browsers. He cannot charge or change playlists with his iPod on his PC, but I can plug it in and charge it up on my PC. He can plug in his back-up drive and other drives to his computer and they work. Before I contacted TechSpot, we downloaded a new iTunes , uninstalled the corrupt version and installed the new iTunes. We haven't done anything with iTunes (as far as installations) since posting here. We have only opened it and plugged in the iPod to see if it would work.

    I didn't want to alter anything that would hamper fixing his computer. :)

    Do you think I could attempt to clean her flash drive using Panda on my computer?
    She has important work documents on her drive.
     
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay, we know the iPod works. I'm a bit out of my element here because I don't have an ipod, itunes or anything else that starts with 'i'. And I like oranges better than Apples, so I don't have any Apples either! but don't you basically download iTunes to the computer then transfer to the iPod?

    Best check the iTunes/iPod support to find what settings to check.

    Yes, since both you and John have Panda, you should be safe to connect daughter's flash drive and disinfect.

    Explain please: "He can plug in his back-up drive and other drives to his computer and they work"> What do you mean by "they." Do you mean the USB connections work for the external drives, but not the iPod?

    This is what's confusing me: Running from: c:\users\John\Downloads\ComboFix.exe
    And then here is John himself!
    c:\users\John\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

    This is suppose to be John' computwr< right? So you must be PaulA and daughter must be Missy. So what are appd
     
  14. Gardengirl

    Gardengirl TS Rookie Topic Starter

    Yes, the USB's work for any other external drive we use.

    Yes, this is John's computer. I am Paula and one of our daughter's is Missy.


    John said when you log in on his PC, there are two Paula profiles and two Missy profiles. I never use his PC, so I didn't know this until I saw the logs. John believes it happened when he transferred data from his old PC to his new PC. He deleted all the other user accounts now.

    Since I last posted, his browser/search engine problem is sort of fixed. He can use Mozilla with no redirect when you do a search, however there is intermittent redirects in IE search.

    We like oranges and apples. :) Yes, your description of iTunes is correct. I can browse the Apple forums for help with the iPod. No problem.
     
  15. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Nice to meet the whole family! Have John check all his browser security settings. If FF is okay, then it sounds like a setting in IE may be too low for security. Here's some help:
    • Browser Security
      [o] Safe Settings (Please ignore the suggestion to use the Registry Editor in this section "Creating a Custom Security Zone")
      [o] ZonedOut. This manages the Zones in Internet Explorer. (For IE7 and IE8, Windows 2000 thru Vista. No Windows 7)
      [o] Replace the Host Files
     
  16. Gardengirl

    Gardengirl TS Rookie Topic Starter

    Bobbye, thanks much. I have iTunes working again, and although he still has a search engine redirect, I just have to arrow back on his browser to take me out of the redirect and back to the working search engine. :)
     
  17. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay, so something changes and his iTunes now works. Bit he shouldn't have to put up with a redirect. Let' run the following to see if there is a bad entry:

    Download HijackThis and save to your desktop.
    • Extract it to a directory on your hard drive called c:\HijackThis.
    • Then navigate to that directory and double-click on the hijackthis.exe file.
    • When started click on the Scan button and then the Save Log button to create a log of your information.
    • The log file and then the log will open in notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

    NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
     
  18. Gardengirl

    Gardengirl TS Rookie Topic Starter

    Thanks again, Bobbye! Got this error message when I started the HT scan:

    [​IMG]

    At this time, I did not edit anything.

    The Hijack This log:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 7:19:04 PM, on 10/2/2011
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
    C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
    C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
    C:\Program Files (x86)\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
    C:\Program Files (x86)\real\realplayer\Update\realsched.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
    C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.charter.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110914192906.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O4 - HKLM\..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
    O4 - HKLM\..\Run: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
    O4 - HKLM\..\Run: [SPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
    O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files (x86)\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
    O4 - HKLM\..\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" -s
    O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
    O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
    O4 - Startup: DESKTOP (1).INI
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files (x86)\Seagate\Basics\Service\SyncServicesBasics.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
    O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
    O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
    O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
    O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: RoxMediaDB10 - Sonic Solutions - c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: SessionLauncher - Unknown owner - c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 14788 bytes
     
  19. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You have an entry that is usually seen if the hidden files and folders are being viewed- but it's in the wrong section.

    Please do this:
    Hide Files and Folders in 7:
    • Click on the Start button and select Computer
    • Press the Alt key on your keyboard and click on Tools
    • Select Folder Options
    • Click the View tab > Check Do Not show hidden files and folders (this will automatically uncheck 'show hidden files and folders')
    • Next, Check the box next to Hide protected operating system files (Recommended)
    • Then, Check the box next to Hide extensions for known filetypes
    • Click Apply then click OK
    ---------------------------------
    Then rescan with HJT and let's see if it's back in it's place!
     
  20. Gardengirl

    Gardengirl TS Rookie Topic Starter

    Bobbye, I tried 3 different search engines in two browsers tonight. I had only one redirect which McAfee intercepted with the question -are you sure you want to go there? I searched using many different key words, and attempted the same search that McAfee intercepted for a second time with no redirect whatsoever. The browser redirect is fixed, I believe. When this started, you could not search for anything at all, it would redirect every time.

    Per your request, I only had to check Do Not Show Hidden Files and Folders, the other two boxes were already checked.

    Here is the new HT scan.
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 9:05:42 PM, on 10/11/2011
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
    C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
    C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
    C:\Program Files (x86)\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
    C:\Program Files (x86)\real\realplayer\Update\realsched.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.charter.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111011032906.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O4 - HKLM\..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
    O4 - HKLM\..\Run: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
    O4 - HKLM\..\Run: [SPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
    O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files (x86)\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
    O4 - HKLM\..\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" -s
    O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
    O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
    O4 - Startup: DESKTOP (1).INI
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files (x86)\Seagate\Basics\Service\SyncServicesBasics.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
    O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
    O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
    O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
    O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: RoxMediaDB10 - Sonic Solutions - c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: SessionLauncher - Unknown owner - c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 14679 bytes

    Thanks for all your help, Bobbye. I do believe everything is working again! :)
     
  21. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    That is great to know! I hope the AV authors do more of this!

    I've been meaning to bring this to your attention. This toolbar is for Microsoft Money. 'No file' doesn't always mean there isn't a file. But if you use the program, you should check to make sure it's running okay, If you don't you might want to uninstall in Add/Remove Programs:
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    ====================================
    An FYI for you- you have many programs running in the background. They don't need to start on boot and keep running. And some of the corresponding Services can be set to Manual Startup instead of Automatic.

    HijackThis log is fine. Now that the system is clean, if you want to work on those startups sometime, let me know.
    Printers, cameras, scanners, imaging programs, burning programs, card readers, media players don't need to be on the Startup Menu.
    Auto-updates should be for only the AV program. Auto-updaters contact the internet every day, several times a day, looking for updated that may come months apart!
    =====================================
    It was nice working with you. Now you can remove all of the tools we used and the files and folders they created
    • Uninstall ComboFix and all Backups of the files it deleted
      [o] Click START> then RUN
      [o] Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    • Download OTCleanIt by OldTimer and save it to your Desktop.
      [o] Double click OTCleanIt.exe.
      [o] Click the CleanUp! button.
      [o] If you are prompted to Reboot during the cleanup, select Yes.
      [o]The tool will delete itself once it finishes.
      Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
      Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
    • Set a new, clean Restore Point
      [o] Click on Start> right click on Computer> Properties
      [o] Select System Protection
      [o] Click on the Create button (near bottom)
      [o] Type a name for the Restore Point
      [o] Click on Create again to save the restore point.
    • Deleting all but the most recent System Protection point in Windows 7
      [o] Click Start> Computer> right click the C Drive and choose Properties> enter.
      [o] Click Disk Cleanup from there.
      [​IMG]
      [o] Click Clean up system files
      This restarts Disk Cleanup to run in elevated mode.
      [o] Click the More Options tab
      [​IMG]
      [o] Click the Clean up under System Restore and Shadow Copies.
      [o] Click OK.
      [o] You will get a confirmation screen> Just click Delete.
      [o] Click OK on the Disk Cleanup Screen.
      [o] Click Delete Files on the Confirmation screen.
    [​IMG]
    This runs the Disk Cleanup utility along with other selections if you have chosen any. (if you had a lot System Restore points, you will see a significant change in the free space in C drive)
    Images courtesy lytebyte.

    Empty the Recycle Bin [​IMG]Peace

    Let me know if you have any questions.
     
  22. Gardengirl

    Gardengirl TS Rookie Topic Starter

    Bobbye, I can't thank you enough for all the help you've given us. I will clean up his PC per your instructions. He does use Microsoft Money to do our banking, but I don't know when he last opened it, I will have him check it - I *may* be back-hahaha!

    I will disable some of the startup programs he has running in the background, too. I know some of these programs are huge resource hogs, but to tell you the truth, I have never used his PC until this happened, so I didn't know about all the programs he has running in the background until now. :(
    I know how to un-check start-up programs in the System Config Utility in XP, hoping it's the same in Windows 7. :)

    It has been great working with you!
     
  23. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You're very welcome! Here's some help for using msconfig in Win 7. It's a bit different that Win XP:

    • Click on the Windows 7 start icon in the bottom left corner of your screen.
    • Type MSCONFIG in the search box> press enter or double-click on the MSCONFIG program that appears in the search results.
      [​IMG]
    • Click on Selective Startup
    • Click on the Startup tab. You will now see the System Msconfig Utility
      [​IMG]

      Windows 7 loads almost all of Windows' essential programs are loaded through Windows Services. So most of the startup items you see here are optional and can be turned off.
      Important! When in doubt, leave it on-or- use a Startup database to identify a process you are not sure of.
    • Uncheck any process you don't want to start on boot.
    • When finished> click on OK
      Reboot the computer.
    • When you see this message come up: Check 'don't show this message again'> then Restart.
    [​IMG]
    Images courtesy NetSquirrel

    The only processes that need to start on boot are the antivirus program, third party firewall if you have one, touchpad if on laptop and network processes if using third party software for network. Any other entries in this section can be Unchecked.

    This does not remove a process or program- it can still be accessed when needed through All Programs. And you can go back at a later time and reset the default programs if needed.
    =================================
    And for both of you, here are some security tips: some may not apply- use what you need or want:
    Tips for added security and safer browsing: (Links are in Bold Blue)
    1. Browser Security
      [o] Safe Settings (Please ignore the suggestion to use the Registry Editor in this section "Creating a Custom Security Zone")
      [o] ZonedOut. This manages the Zones in Internet Explorer. (For IE7 and IE8, Windows 2000 thru Vista. No Windows 7)
      [o] Replace the Host Files
      [o] Google Toolbar Pop Up Blocker
      [o]Web of Trust (WOT) Site Advisor. Traffic-light rating symbols show which rate the site for Trustworthiness, Vendor Reliability, Privacy, Child Safety.
    2. Have layered Security:
      [o]Antivirus :(only one):Both of the following programs are free and known to be good:
      [o]Avira-AntiVir-Personal-Free-Antivirus
      [o]Avast-Free Antivirus
      [o]Firewall (only one): Use bi-directional firewall. Both of the following programs are free and known to be good:
      [o]Comodo
      [o]Zone Alarm
    3. Antimalware: I recommend all of the following:
      [o]Spywareblaster: SpywareBlaster protects against bad ActiveX.
      [o]Spybot Search & Destroy
    4. Updates: Stay current:
      [o] the Microsoft Download Sitefrequently. All updates marked Critical and the current SP updates.
      [o]Adobe Reader Install current, uninstall old.
      [o]Java Updates Install current, uninstall old.
    5. Tracking Cookies
      Reset Cookie:
      [o]For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> check 'override automatic Cookie handling'> check 'accept first party Cookies'> check 'Block third party Cookies'> check 'allow per session Cookies'> Apply> OK.
      [o]For Firefox: Tools> Options> Privacy> Cookies> check ‘accept Cookies from Sites’> Uncheck 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')
      I suggest using the following two add-on for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
      AdBlock Plus
      Easy List
      [o]For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
    6. Do regular Maintenance
      Clean the temporary internet files often:
      [o] Temporary File Cleaner]
      or
      [o] ATF Cleaner by Atribune
    7. Restore Points:
      [o]See System Restore Guide
    8. Safe Email Handling
      [o] Don't open email from anyone you don't know.
      [o] Don't open Attachments in the email. Safe to your desktop and scan for viruses using a right click
      [o] Don't leave your personal email address on the internet. Have a separate email account at one of the free web-based emails like Yahoo.
    Please let me know if you find any bad link.
     
  24. Gardengirl

    Gardengirl TS Rookie Topic Starter

    Thanks so much, Bobbye.

    The host file link was VERY informative, especially!

    I have Spywareblaster, Zone Alarm and Spybot S & D on my PC, I will install them on my husband's PC, too.
    We both run McAfee AV+. I know it is a resource hog, but I have used it for so long, and have never had a problem with it, so I stuck with it. I do uninstall the old version and purchase the new version every year at a big box store for 1/2 the price of McAfee's $60 (2 PC's and a laptop) renewal price - I did have to disable auto-renewal.
    I have installed Avira on friend's PC's and they are very happy with it, so I may try it when my subscription is up. :)

    Learned that I have some ancient drivers on my PC, too. Updated my drivers and found no broken links in your post. I have saved this web page to my Documents folder for future reference, as there is so much valuable info here.

    Your instructions for disabling start-up programs in Windows 7 worked perfectly! I know my husband has complained to me several times about Windows Messenger and would I get rid of it for him - I didn't uninstall it, but I did disable it, thanks to you.
     
  25. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You're welcome! There a lot out there to help with security but many don't know about it. I don't care for that 'auto-renewal' that some companies are using. A while back, when they first started, they were putting users on it without permission. I had an AV program separately as I like free standing programs, not suites.

    But when renewal time can, they changed me to the full suite, including the extra $$$ for it. When I emailed to ask about it, I was told "everyone wants the suite!" I sent a 'well-worded' email back that I wasn't 'everyone' and didn't like suite! Needless to say, I left that company!

    Kind of like the buyer has to be absolutely aware and in control of everything that goes on their system!

    Stay safe.:)
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...