Inactive Redirected when I click links from Google

D

Danekakakaka

Posts: 11   +0
Hi

I really need someone's help, I have what I believe to be some kind of virus but I am awful when it comes to computers.* It is the same as a lot of these threads where I click a link on Google and I am re-directed (usually to 'eBay' or some virus filled version of eBay!).

I have followed the 5 steps from the 'sticky' thread and really don't know what to do next.* I will copy and Paste my results below and thank you so much for any help you can give me.

D
*
(Plus I don't seem to be able to 'Submit New Thread' from my PC.* Everytime I click the link my internet goes off, I've had to email this to myself and post this from my phone.* Is this normal/related?)
------------------------------------------------------------------------------------------------

Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.14.01

Windows Vista Service Pack 1 x64 NTFS
Internet Explorer 8.0.6001.19088
Daneka :: DANEKA-PC [administrator]

Protection: Enabled

14/01/2012 08:48:36
mbam-log-2012-01-14 (08-48-36).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 183743
Time elapsed: 11 minute(s), 38 second(s)

Memory Processes Detected: 2
C:\Users\Daneka\AppData\Local\SanctionedMedia\Smad\Smad.exe (Trojan.Agent) -> 1012 -> Delete on reboot.
C:\Users\Daneka\AppData\Roaming\Elru\zaqua.exe (Malware.Packer) -> 4756 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Smad (Trojan.Agent) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Smad (Trojan.Agent) -> Data: "C:\Users\Daneka\AppData\Local\SanctionedMedia\Smad\Smad.exe" -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{21B37A05-81C0-4268-12CD-8DAFC51CC99D} (Malware.Packer) -> Data: C:\Users\Daneka\AppData\Roaming\Elru\zaqua.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 6
C:\Users\Daneka\AppData\Local\SanctionedMedia\Smad\Smad.exe (Trojan.Agent) -> Delete on reboot.
C:\Users\Daneka\AppData\Roaming\Elru\zaqua.exe (Malware.Packer) -> Delete on reboot.
C:\Users\Daneka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\windowsupdate.exe (Malware.Packer) -> Quarantined and deleted successfully.
C:\Users\Daneka\AppData\Local\Temp\xecrwamnso.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\Temp\dlhcmu\setup.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Daneka\Local Settings\Application Data\SanctionedMedia\Smad\Smad.exe (Trojan.Agent) -> Delete on reboot.

(end)

----------------------------------------------------------------------------------------------


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-14 09:45:53
Windows 6.0.6001 Service Pack 1
Running: rjiryo43.exe


---- Files - GMER 1.0.15 ----

File* C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SSYOISVW\amanoloblonickpresp12-rot[1].jpg* 0 bytes
File* C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SSYOISVW\7TItHQ_gdf4[1].jpg*************** 0 bytes
File* C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SSYOISVW\1U7xpOY4La0[1].jpg*************** 0 bytes
File* C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TYJO3LIB\iframe[1]************************ 43 bytes
File* C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TYJO3LIB\iframe[1].txt******************** 74 bytes
File* C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TYJO3LIB\fabfitnessattire-rotator[1].jpg** 0 bytes
File* C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TYJO3LIB\passback.c.r[2].php************** 0 bytes
File* C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TYJO3LIB\dereklamprefall12-rotator[1].jpg* 0 bytes
File* C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TYJO3LIB\ft[1].stat*********************** 0 bytes
File* C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TYJO3LIB\fw-nonplayer-banner[8].htm******* 1302 bytes
File* C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TYJO3LIB\fw-nonplayer-banner[9].htm******* 1311 bytes
File* C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TYJO3LIB\backcookie[1].js***************** 0 bytes
File* C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TYJO3LIB\log[1].txt*********************** 0 bytes
File* C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@server.iad.liveperson[2].txt********************************** 0 bytes
File* C:\Windows\Temp\fla4793.tmp***************************************************************************************************************************** 0 bytes

---- EOF - GMER 1.0.15 ----

--------------------------------------------------------------------------------------------

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.6001.19088
Run by Daneka at 10:00:52 on 2012-01-14
Microsoft® Windows Vista™ Home Premium** 6.0.6001.1.1252.44.1033.18.4055.1939 [GMT 0:00]
.
AV: McAfee VirusScan *Enabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee VirusScan *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Personal Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\dlcgcoms.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe
C:\Program Files (x86)\McAfee\MSK\MskSrver.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\SiteAdvisor\6172\SAService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\RUNDLL32.EXE
C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\PROGRA~2\mcafee.com\agent\mcagent.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\wuauclt.exe
c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10q_ActiveX.exe
C:\Program Files (x86)\internet explorer\iexplore.exe
C:\Program Files (x86)\internet explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\internet explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\PROGRA~2\mcafee\msk\mskapbho.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [QuickPhrase] "C:\Program Files (x86)\TypingMaster\QuickPhrase\quickphrase.exe"
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [F5D7050v3] C:\Program Files (x86)\Belkin\F5D7050v3\Belkinwcui.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
mRun: [SiteAdvisor] "C:\Program Files (x86)\SiteAdvisor\6172\SiteAdv.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [mcagent_exe] "C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce: [DSUpdateLauncher] "c:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="c:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "c:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
mRunOnce: [STToasterLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe"
StartupFolder: C:\Users\Daneka\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {A9CF3378-D60E-40A8-927D-7EA0D5B0AA98} - hxxp://webalbum.bonusprint.com/ukipc01/downloads//ImageUploader6.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{093944F1-360C-47E2-87A1-8ED7C627792C} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{3031C91F-7B4B-4C91-9970-635099C63746} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{4BCAB083-4EDF-46CB-A023-3F666DF444CF} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{EE9549A1-3210-427B-96CB-25BE42BCAF5B} : DhcpNameServer = 192.168.1.1
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files (x86)\SiteAdvisor\6172\SiteAdv.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64:**** AcroIEHelperStub - No File
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~2\mcafee\msk\mskapbho.dll
BHO-X64:**** McAfee Phishing Filter - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll
BHO-X64:**** scriptproxy - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun-x64: [F5D7050v3] C:\Program Files (x86)\Belkin\F5D7050v3\Belkinwcui.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
mRun-x64: [SiteAdvisor] "C:\Program Files (x86)\SiteAdvisor\6172\SiteAdv.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [mcagent_exe] "C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce-x64: [DSUpdateLauncher] "c:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="c:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "c:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
mRunOnce-x64: [STToasterLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe"
IE-X64: {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com
.
============= SERVICES / DRIVERS ===============
.R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 RapportKE64;RapportKE64;C:\Windows\system32\Drivers\RapportKE64.sys --> C:\Windows\system32\Drivers\RapportKE64.sys [?]
R1 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R1 RapportCerberus_34302;RapportCerberus_34302;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys [2011-12-15 397520]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2011-11-7 55056]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2011-11-7 61712]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-12-8 169312]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe --> C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [?]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-1-14 652872]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2012-1-13 101048]
R2 McProxy;McAfee Proxy Service;C:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe [2012-1-13 359952]
R2 McShield;McAfee Real-time Scanner;C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2012-1-13 155456]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfesmfk;McAfee Inc. mfesmfk;C:\Windows\system32\drivers\mfesmfk.sys --> C:\Windows\system32\drivers\mfesmfk.sys [?]
R3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw5v64.sys --> C:\Windows\system32\DRIVERS\NETw5v64.sys [?]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x64.sys --> C:\Windows\system32\DRIVERS\yk60x64.sys [?]
S2 0168201326477390mcinstcleanup;McAfee Application Installer Cleanup (0168201326477390);C:\Windows\TEMP\016820~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> C:\Windows\TEMP\016820~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-8 135664]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-8 135664]
S3 mferkdk;McAfee Inc. mferkdk;C:\Windows\system32\drivers\mferkdk.sys --> C:\Windows\system32\drivers\mferkdk.sys [?]
S3 netr7364;Belkin Wireless 54G USB Network Adapter Driver for Vista;C:\Windows\system32\DRIVERS\netr7364.sys --> C:\Windows\system32\DRIVERS\netr7364.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-4-24 93184]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-01-14 08:47:35 -------- d-----w- C:\Users\Daneka\AppData\Roaming\Malwarebytes
2012-01-14 08:47:17 -------- d-----w- C:\ProgramData\Malwarebytes
2012-01-14 08:47:15 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-01-14 08:47:14 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-01-13 17:58:52 40904 ----a-w- C:\Windows\System32\drivers\mferkdk.sys
2012-01-13 17:58:49 49480 ----a-w- C:\Windows\System32\drivers\mfesmfk.sys
2012-01-13 17:58:49 307400 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2012-01-13 17:58:49 102600 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2012-01-13 17:58:43 176144 ----a-w- C:\Windows\System32\drivers\Mpfp.sys
2012-01-13 17:58:02 -------- d-----w- C:\Program Files\McAfee
2012-01-13 17:58:01 -------- d-----w- C:\Program Files\Common Files\McAfee
2012-01-13 17:57:59 -------- d-----w- C:\Program Files (x86)\McAfee.com
2012-01-13 17:56:29 -------- d-----w- C:\Program Files (x86)\Common Files\McAfee
2012-01-03 17:04:25 -------- d-----w- C:\Users\Daneka\AppData\Roaming\Ypuqol
2012-01-03 17:04:25 -------- d-----w- C:\Users\Daneka\AppData\Roaming\Elru
2011-12-30 23:22:27 -------- d-----we C:\Windows\system64
2011-12-30 23:22:05 -------- d-----w- C:\Users\Daneka\AppData\Local\SanctionedMedia
.
==================== Find3M* ====================
.
2011-11-07 21:28:40 63760 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys
.
============= FINISH: 10:02:12.50 ===============
--------------------------------------------------------------------------------------------------
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 26/09/2009 21:46:10
System Uptime: 14/01/2012 09:02:23 (1 hours ago)
.
Motherboard: Dell Inc. |* | 0G848F
Processor: Pentium(R) Dual-Core CPU****** T4200* @ 2.00GHz | Microprocessor | 2000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 134 GiB total, 9 GiB free.
E: is FIXED (NTFS) - 15 GiB total, 4.298 GiB free.
F: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Dell AIO 810
Device ID: ROOT\IMAGE\0000
Manufacturer: Dell
Name: Dell AIO 810 #2
PNP Device ID: ROOT\IMAGE\0000
Service: usbscan
.
==== System Restore Points ===================
.
RP133: 01/10/2011 08:34:28 - Installed Rapport
RP134: 03/10/2011 03:00:18 - Windows Update
RP135: 13/10/2011 03:00:23 - Windows Update
RP136: 23/10/2011 03:00:18 - Windows Update
RP137: 05/11/2011 09:50:29 - Installed Rapport
RP138: 12/11/2011 23:20:38 - Windows Update
RP139: 19/11/2011 14:05:51 - Installed Rapport
RP140: 14/12/2011 03:00:24 - Windows Update
RP141: 19/12/2011 03:00:17 - Windows Update
RP142: 25/12/2011 11:52:27 - Scheduled Checkpoint
RP143: 13/01/2012 03:00:17 - Windows Update
.
==== Installed Programs ======================
.
*Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Photoshop Elements 7.0
Adobe Premiere Elements 7.0
Adobe Reader 9.3.3
Apple Application Support
Apple Software Update
Belkin 54Mbps Wireless Network Adapter
Bing Bar
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Getting Started Guide
Dell Support Center (Support Software)
Dell Video Chat
Google Earth
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Java Auto Updater
Java(TM) 6 Update 20
Junk Mail filter update
Malwarebytes Anti-Malware version 1.60.0.1800
McAfee SecurityCenter
Microsoft Choice Guard
Microsoft Default Manager
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010* x86 Redistributable - 10.0.30319
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
PC Connectivity Solution
PowerDVD DX
QuickTime
Rapport
RealPlayer
RealUpgrade 1.0
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Sky Broadband
Sky Broadband Browser Branding
SmartSound Quicktracks for Premiere Elements
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
.
==== End Of File ===========================
 
Welcome to TechSpot! I'll help with the redirect.

'Submit New Thread' from my PC.* Every time I click the link my internet goes off,
Click to expand...
This may not be malware related:
  • Do you get any message when you lose the connection?
  • Did you get the message when you tried to start the thread itself? What was it?
  • Or did you get it when you tried to paste the logs in?
  • Does this happen trying to access any other site?
  • Do you have to reboot to restore the connection? Does it stay on?
  • How much RAM do you have installed?
Please let me know. I'll review the logs but would like to get this information to determine if there is a glitch on the board.
=======================================
It appears that you have 64bit in Vista. You have a large number of unnecessary entries running in addition to the malware. Due to some of the entries I see in GMER, I'd like you to go ahead and run the following:
SASLogo48x48.gif

SuperAntiSpyware Home Edition Free Version
  • Please download SuperAntiSpyware from HERE
  • Launch SuperAntiSpyware and click on 'Check for updates'.
  • Wait for the updates to be installed
  • On the main screen click on 'Scan your computer'.
  • Check: 'Perform Complete Scan then Click 'Next' to start the scan.
  • Superantispyware will now scan your computer,when it's finished it will list all/any infections found.
  • Make sure everything found has a checkmark next to it,then press 'Next'.
  • Click on 'Finish' when you've done.
It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
  • Click on 'Preferences'.
  • Click on the 'Statistics/Logs' tab.
  • Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor,such as Notepad. Paste the notepad file here on your reply
========================================
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Expect these- they are normal:
1. If asked to install or or update the Recovery Console, allow. (you will need internet connection for this)
2. Before you run the Combofix scan, please disable any security software you have running.
3. Combofix may need to reboot your computer more than once to do its job this is normal.

Download Combofix from HERE or HEREhttp://www.forospyware.com/sUBs/ComboFix.exe and save to the desktop
  • Double click combofix.exe
    cf-icon.jpg
    & follow the prompts.
  • If prompted for Recovery Console, please allow.
  • Once installed, you should see a blue screen prompt that says:
    • The Recovery Console was successfully installed.[/b]
    • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.[/b]
    • Note: No query will be made if the Recovery Console is already on the system.
  • .Close/disable all anti virus and anti malware programs
    (If you need help with this, please see HERE)
  • .Close any open browsers.
  • .Click on Yes, to continue scanning for malware
  • .If Combofix asks you to update the program, allow
  • When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..
Re-enable your Antivirus software.
Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2:If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
Note 3:CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
=================================
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • Follow the order of the tasks I give you. Order is crucial in cleaning process.
  • File sharing programs should be uninstalled or disabled during the cleaning process..
  • Observe these:
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs- except those I give you.
  • Please let me know if there is any change in the system.
If I don't get a reply from you in 5 days, the thread will be closed. If your problem persist, you can send a PM to reopen it.
=====================================

Please leave logs from SAS and Combofix in your next reply, in addition to the answers to my questions.
 
Bobbye said:
This may not be malware related:
  • Do you get any message when you lose the connection?
  • Did you get the message when you tried to start the thread itself? What was it?
  • Or did you get it when you tried to paste the logs in?
  • Does this happen trying to access any other site?
  • Do you have to reboot to restore the connection? Does it stay on?
  • How much RAM do you have installed?
Click to expand...

Thank you so much, I will do those things now but thought I'd answer these Qs first.
It's the basic 'Internet Explorer cannot display the webpage' message and when I click to diagnose reason it says it can't find a reason.
No, I only get the message when I tried to Preview Thread and Submit New Thread, everything else seemed to work fine and me replying to this seems to be ok at the moment so it may have been a mini glitch this morning!
The connection stays on as far as I'm aware, usually if I lose connection there is a cross in the bottom right hand side of my screen but the little globe stayed on, that's why I thought is was odd.
You may have the bare with me on this one as I'm not good with computer terms but I believe RAM is memory (?) and I have 134GB but not a lot free from iTunes. I tried to clean up as much as possible a few months ago but nothing seemed to work.

I will do the other sections of your message now and post the results.

Thanks again, D
 
Ok, the SAS Report is too long for one reply so I will split in to two:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/14/2012 at 05:46 PM

Application Version : 5.0.1142

Core Rules Database Version : 8134
Trace Rules Database Version: 5946

Scan type : Complete Scan
Total Scan Time : 01:10:11

Operating System Information
Windows Vista Home Premium 64-bit, Service Pack 1 (Build 6.00.6001)
UAC On - Limited User

Memory items scanned : 557
Memory threats detected : 0
Registry items scanned : 79285
Registry threats detected : 0
File items scanned : 69591
File threats detected : 413

Adware.Tracking Cookie

Edit: Excess Tracking Cookies reviewed and delete by Bobbye
 
Combofix Report:

ComboFix 12-01-13.05 - Daneka 14/01/2012 18:12:04.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.4055.2048 [GMT 0:00]
Running from: c:\users\Daneka\Desktop\ComboFix.exe
AV: McAfee VirusScan *Enabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Personal Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee VirusScan *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\temp\@
c:\windows\assembly\temp\bckfg.tmp
c:\windows\assembly\temp\cfg.ini
c:\windows\assembly\temp\kwrd.dll
c:\windows\system32\consrv.dll
c:\windows\system32\java.exe
c:\windows\System64
E:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-12-14 to 2012-01-14 )))))))))))))))))))))))))))))))
.
.
2012-01-14 18:47 . 2012-01-14 18:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-14 16:34 . 2012-01-14 16:34 -------- d-----w- c:\programdata\SUPERSetup
2012-01-14 16:33 . 2012-01-14 16:33 -------- d-----w- c:\users\Daneka\AppData\Roaming\SUPERAntiSpyware.com
2012-01-14 16:33 . 2012-01-14 16:33 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-01-14 16:33 . 2012-01-14 16:33 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-01-14 08:47 . 2012-01-14 08:47 -------- d-----w- c:\users\Daneka\AppData\Roaming\Malwarebytes
2012-01-14 08:47 . 2012-01-14 08:47 -------- d-----w- c:\programdata\Malwarebytes
2012-01-14 08:47 . 2011-12-10 15:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-14 08:47 . 2012-01-14 08:47 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-13 17:58 . 2009-06-18 10:08 40904 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2012-01-13 17:58 . 2009-06-18 10:15 49480 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2012-01-13 17:58 . 2009-06-18 10:15 307400 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-01-13 17:58 . 2009-06-18 10:15 102600 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-01-13 17:58 . 2009-04-09 14:23 176144 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2012-01-13 17:58 . 2012-01-13 17:58 -------- d-----w- c:\program files\McAfee
2012-01-13 17:58 . 2012-01-13 17:58 -------- d-----w- c:\program files\Common Files\McAfee
2012-01-13 17:57 . 2012-01-13 17:58 -------- d-----w- c:\program files (x86)\McAfee.com
2012-01-13 17:56 . 2012-01-13 17:58 -------- d-----w- c:\program files (x86)\Common Files\McAfee
2012-01-03 17:04 . 2012-01-14 09:02 -------- d-----w- c:\users\Daneka\AppData\Roaming\Elru
2012-01-03 17:04 . 2012-01-03 19:17 -------- d-----w- c:\users\Daneka\AppData\Roaming\Ypuqol
2012-01-03 17:03 . 2012-01-03 17:03 480306 ----a-w- c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kered.exe
2011-12-30 23:22 . 2011-12-30 23:22 -------- d-----w- c:\users\Daneka\AppData\Local\SanctionedMedia
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-07 21:28 . 2011-06-13 18:46 63760 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1555968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-07-07 1779952]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-04-24 250192]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"TkBellExe"="c:\program files (x86)\Common Files\Real\Update_OB\realsched.exe" [2010-02-27 202256]
"SiteAdvisor"="c:\program files (x86)\SiteAdvisor\6172\SiteAdv.exe" [2007-08-24 36640]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"mcagent_exe"="c:\program files (x86)\McAfee.com\Agent\mcagent.exe" [2009-05-01 645328]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
c:\users\Daneka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
kered.exe [2012-1-3 480306]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 0054901326564230mcinstcleanup;McAfee Application Installer Cleanup (0054901326564230);c:\windows\TEMP\005490~1.EXE [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-12-08 169312]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-08 16:05]
.
2012-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-08 16:05]
.
2012-01-14 c:\windows\Tasks\McDefragTask.job
- c:\progra~2\mcafee\mqc\QcConsol.exe [2012-01-13 08:57]
.
2012-01-14 c:\windows\Tasks\McQcTask.job
- c:\progra~2\mcafee\mqc\QcConsol.exe [2012-01-13 08:57]
.
2012-01-14 c:\windows\Tasks\User_Feed_Synchronization-{D85A8F51-0C0E-4ECC-B72A-DA804D219161}.job
- c:\windows\system32\msfeedssync.exe [2011-06-18 04:32]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-05 384296]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-31 154648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-31 227352]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-31 202264]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-03-26 2115664]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-06-15 178712]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 225792]
"combofix"="c:\combofix\CF5817.3XE" [2008-01-21 363008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
DPF: {A9CF3378-D60E-40A8-927D-7EA0D5B0AA98} - hxxp://webalbum.bonusprint.com/ukipc01/downloads//ImageUploader6.cab
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-QuickPhrase - c:\program files (x86)\TypingMaster\QuickPhrase\quickphrase.exe
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
Wow6432Node-HKLM-Run-F5D7050v3 - c:\program files (x86)\Belkin\F5D7050v3\Belkinwcui.exe
HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
c:\program files\Dell\DellDock\DockLogin.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\progra~2\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\program files (x86)\McAfee\MPF\MPFSrv.exe
c:\program files (x86)\McAfee\MSK\MskSrver.exe
c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE
c:\program files (x86)\SiteAdvisor\6172\SAService.exe
c:\windows\SysWOW64\rundll32.exe
c:\progra~2\McAfee\MSC\mcmscsvc.exe
c:\progra~2\mcafee.com\agent\mcagent.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
c:\progra~2\COMMON~1\mcafee\mna\mcnasvc.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
c:\program files (x86)\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2012-01-14 18:58:46 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-14 18:58
.
Pre-Run: 9,072,889,856 bytes free
Post-Run: 11,030,417,408 bytes free
.
- - End Of File - - D1D4AFAC0A4CF47B8D115F1C1F48E9C2


Thank you!
 
Okay, let's take things one at a time:
>>'a cross in the bottom right hand side of my screen but the little globe stayed on, that's why I thought is was odd'. Please do a right click> Properties on the 'globe' and see if you can tell me what it's for.

>>'Internet Explorer cannot display the webpage'. This is a server problem. I had a time earlier today when TechSpot wouldn't load. Let me know if it happens again.
===================================
A deletion in Combofix on the E Drive indicates you may have a flash drive infection. These worms travel through your portable drives. If they have been connected to other machines, they may now be infected.
Please disinfect all movable drives
  1. Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  2. Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
    Note: Some security programs will flag Flash_Disinfector as being some sort of malware, you can safely ignore these warnings
  3. The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  4. Wait until it has finished scanning and then exit the program.
  5. Reboot your computer when done.

Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.
=================
You have several entries from 2011-12-30 23:22 -------- d-----w- c:\users\Daneka\AppData\Local\SanctionedMedia >> Adware:MSIL/SanctionedMedia is a program that delivers pop-up advertisements on a number of different web browsers. If you have a program by this name or an Application, it should be removed as it is the source of malware.
=================
It appears that there is no Cookie control. 3rd party Cookies allow Tracking Cookies and may be a source of the abundance of adware you have. I'd like you to do the following:

Reset Cookies
For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> CHECK 'override automatic Cookie handling'> CHECK 'accept first party Cookies'> CHECK 'Block third party Cookies'> CHECK 'allow per session Cookies'> Apply> OK.

For Firefox: Tools> Options> Privacy> Cookies> CHECK ‘accept Cookies from Sites’> UNCHECK 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')

I suggest using the following two add-on for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
AdBlock Plus
Easy List

For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
(First-party and third-party cookies can be set by the website you're visiting and websites that have items embedded in the website you're visiting. But when you next visit the website, only first-party cookie information is sent to the website. Third-party cookie information isn't sent back to the websites that originally set the third-party cookies.)
=====================================
Regrading security when running Combofix:
.Close/disable all anti virus and anti malware programs
Click to expand...
Please read the directions for each program I ask you to run. It's important. What you had running:
AV: McAfee VirusScan *Enabled/Outdated*
FW: McAfee Personal Firewall *Enabled*
SP: McAfee VirusScan *Enabled
Click to expand...
Each of the above should have been disabled to run the Combofix scan. Not doing so can affect the scan. I also bring your attention to the "Outdated" description for the AV.
====================================
About RAM vs Hard Drive
The amount of RAM you have is okay. But the problem is the free hard drive space- you have only
C: is FIXED (NTFS) - 134 GiB total, 9 GiB free.>>you have only about 8% of the HD free. It should be kept to as close to 80% as possible. Since you know the iTunes are in abundance, suggestions is that you move or remove some of the music.
E: is FIXED (NTFS) - 15 GiB total, 4.298 GiB free.Partition?
=================================
Can you identiffy any of these entries?
c:\users\Daneka\AppData\Roaming\Elru
2012-01-03 17:04 . 2012-01-03 19:17 -------- d-----w- c:\users\Daneka\AppData\Roaming\Ypuqol
2012-01-03 17:03 . 2012-01-03 17:03 480306 ----a-w- c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kered.exe
===============================
I'd like you to repeat Combofix with the security disabled. After I review the log and you let me know about the processes I asked about, I'll have you run some script through Combofix.
==============================
Also run HijackThis- it will help me suggest processes for you to stop: You have unnecessary processes running and numerous auto-updaters. It's not to sensible to have an auto-updater running> example: Java autoupdate is running, but Java is 10 updates behind. This is a vulnerability to the system.

First, set up a Directory for HijackThis as follows:
Right click Taskbar> Explore> My Computer> Local Drive (C)> File> New> Folder> Name folder HijackThis
Exit Explorer
You now have a folder C:\HijackThis
-----------------------------------------
Download HijackThis http://download.bleepingcomputer.com/hijackthis/HijackThis.zipand save to your desktop.
  • Click on the HJT icon> 'Extract all files'> Extraction Wizard> Click on Browse to right of dialogue box that says 'Select a folder'
  • Extract it to the directory on your hard drive you created C:\HijackThis.
  • Then navigate to that directory and double-click on the hijackthis.exe file.
  • When started click on the Scan button and then the Save Log button to create a log of your information.
  • The log file and then the log will open in notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
========================================
Please update Java: Java Updates . Uninstall any earlier versions in Add/Remove Programs as they are vulnerabilities for the system.

Be sure to check all download screens for any pre-check toolbars or BHO> if found, remove the check before the download..

Please leave new Combofix log, HijackThis log
 
Hi

Thank you for your help!

I've attached a print screen of my McAfee. I'm desperately trying to run the ComboFix again but as with the first time it's picking up my AntiVirus which isn't switched on. I've done a print screen of the options that I've checked for the AV and the print screen of the home page to show that everything is disabled yet it's still saying it's switched on. I've been through the instuctions on the page you included last time and I've done everything it asked but it doesnt seem to be making a difference. As it's an older version (2yrs ish - I paid for 3 yrs worth) should I just uninstall it for now?

D

P.S. I have deleted the SanctionedMedia file and checked my flashdrives, they all seemed clean. This was a flashdrive, an iPod and my phones.
 

Attachments

  • Print Screen 1.pdf
    140.5 KB · Views: 2
  • Print Screen 2.pdf
    113 KB · Views: 1
Print Screen 1: What do youi get when you click on the Advanced buton in the 'Virus protection is disabled' section?
Print Screen 2:What comes up if you click on 'Configure' in the panel on the left?

You know what they say about a picture being worth a thousand words>> see if this helps:

How to Disable McAfee Security Center :

Please navigate to the McAfee icon
mcafee.png
by the clock:
mcafee_disable.gif

Pause for screen changes.
Note the "Never" choice.
Is this any different than what you did?
(Animated gif courtesy bleeping computer)
----------------------------------------------------------
You may also have to do this:
Disable the ScriptScan feature inside McAfee.
  • Right-click on the McAfee icon in the taskbar. You will see this:
    mcafee2.jpg
  • Select On-Access Scan Properties.
  • Click on the ScriptScan tab
  • Uncheck Enable ScriptScan
  • Click the Apply or OK buttons
 
Well, I'm so sorry but I know I'm gonna become a nuisance now!

I tried everything with my McAfee and it wouldn't work, everything was unticked and it got to the point where it wouldn't open from the taskbar so I completely uninstalled it. I still have the disc so thought I can reinstall once Combofix is done but it's still picking up the AV! There is no McAfee on my PC anywhere but it still seems to be affecting the Combofix. I then downloaded another version of Combofix from the other website you listed and that's the same.

Do you want me to download something that shows you the files I'm running as that might pick up an AV I'm missing?

I'm so sorry again, I feel like a right ***** but computers fail me! :)
 
Not to worry! I should have a penny for each person this happens to!

Have you tried going ahead with the scan anyway? If not, do so. If you cannot, do this first:

Boot into Safe Mode with Networking
  • Restart your computer and start pressing the F8 key on your keyboard.
  • Select the Safe Mode with Networking option when the Windows Advanced Options menu appears, and then press ENTER.

Now try Combofix. If McAfee is hiding somewhere in the system, it doesn't start in this mode.

IF you do get any notice about McAfee, let me know exactly what it says- OK?
 
Ok, ComboFix is still saying it's coming up against McAfee but this is the log after it ran:
ComboFix 12-01-16.02 - Daneka 17/01/2012 22:50:14.2.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.4055.2469 [GMT 0:00]
Running from: c:\users\Daneka\Desktop\ComboFix2.exe
AV: McAfee VirusScan *Enabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Personal Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee VirusScan *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-12-17 to 2012-01-17 )))))))))))))))))))))))))))))))
.
.
2012-01-17 23:11 . 2012-01-17 23:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-17 23:11 . 2012-01-17 23:11 -------- d-----w- c:\users\Daneka\AppData\Local\temp
2012-01-16 18:11 . 2012-01-16 18:11 -------- d-----w- c:\users\Daneka\AppData\Local\Ilivid Player
2012-01-16 18:09 . 2012-01-16 18:10 -------- d-----w- c:\program files (x86)\iLivid
2012-01-16 18:08 . 2012-01-16 18:08 -------- d-----w- c:\users\Daneka\AppData\Local\PackageAware
2012-01-14 16:34 . 2012-01-14 16:34 -------- d-----w- c:\programdata\SUPERSetup
2012-01-14 16:33 . 2012-01-14 16:33 -------- d-----w- c:\users\Daneka\AppData\Roaming\SUPERAntiSpyware.com
2012-01-14 16:33 . 2012-01-14 16:33 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-01-14 16:33 . 2012-01-14 16:33 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-01-14 08:47 . 2012-01-14 08:47 -------- d-----w- c:\users\Daneka\AppData\Roaming\Malwarebytes
2012-01-14 08:47 . 2012-01-14 08:47 -------- d-----w- c:\programdata\Malwarebytes
2012-01-14 08:47 . 2011-12-10 15:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-14 08:47 . 2012-01-14 08:47 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-03 17:04 . 2012-01-14 09:02 -------- d-----w- c:\users\Daneka\AppData\Roaming\Elru
2012-01-03 17:04 . 2012-01-03 19:17 -------- d-----w- c:\users\Daneka\AppData\Roaming\Ypuqol
2012-01-03 17:03 . 2012-01-03 17:03 480306 ----a-w- c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kered.exe
2012-01-03 08:22 . 2012-01-03 08:22 103864 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-07 21:28 . 2011-06-13 18:46 63760 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-14_18.50.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 02:23 . 2012-01-16 18:34 57094 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:45 . 2012-01-16 18:34 69416 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-10-05 16:16 . 2012-01-16 18:34 11446 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1310831283-2897511515-3620769114-1000_UserData.bin
- 2009-10-05 16:09 . 2012-01-14 18:50 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-05 16:09 . 2012-01-16 18:18 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-05 16:09 . 2012-01-14 18:50 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-05 16:09 . 2012-01-16 18:18 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-10-05 16:09 . 2012-01-14 18:50 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-05 16:09 . 2012-01-16 18:18 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-22 21:26 . 2012-01-16 18:33 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-22 21:26 . 2012-01-07 23:48 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-22 21:26 . 2012-01-07 23:48 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-22 21:26 . 2012-01-16 18:33 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-22 21:26 . 2012-01-16 18:33 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-11-22 21:26 . 2012-01-07 23:48 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-22 19:50 . 2012-01-14 18:49 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-22 19:50 . 2012-01-14 10:18 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-22 19:50 . 2012-01-14 10:18 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-22 19:50 . 2012-01-14 18:49 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-01-14 18:49 . 2012-01-14 18:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-16 18:33 . 2012-01-16 18:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-16 18:33 . 2012-01-16 18:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-01-14 18:49 . 2012-01-14 18:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-01-21 03:20 . 2012-01-16 18:35 245760 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-01-21 03:20 . 2012-01-14 18:49 245760 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-05 17:33 . 2012-01-17 22:47 250080 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2006-11-02 12:46 . 2012-01-14 17:56 609196 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2012-01-16 22:37 609196 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2012-01-16 22:37 108672 c:\windows\system32\perfc009.dat
- 2006-11-02 12:46 . 2012-01-14 17:56 108672 c:\windows\system32\perfc009.dat
- 2009-11-17 15:00 . 2012-01-14 09:53 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-11-17 15:00 . 2012-01-16 18:18 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2008-01-21 03:20 . 2012-01-14 18:49 2342912 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-21 03:20 . 2012-01-16 18:35 2342912 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-21 03:20 . 2012-01-16 18:35 2064384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-01-21 03:20 . 2012-01-14 18:49 2064384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-01-15 12:23 . 2012-01-15 12:23 3947520 c:\windows\Installer\3c3fc52.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1555968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-07-07 1779952]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-04-24 250192]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"TkBellExe"="c:\program files (x86)\Common Files\Real\Update_OB\realsched.exe" [2010-02-27 202256]
"SiteAdvisor"="c:\program files (x86)\SiteAdvisor\6172\SiteAdv.exe" [2007-08-24 36640]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
c:\users\Daneka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
kered.exe [2012-1-3 480306]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-12-08 169312]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-08 16:05]
.
2012-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-08 16:05]
.
2012-01-17 c:\windows\Tasks\User_Feed_Synchronization-{D85A8F51-0C0E-4ECC-B72A-DA804D219161}.job
- c:\windows\system32\msfeedssync.exe [2011-06-18 04:32]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-05 384296]
"SysTrayApp"="c:\program files (x86)\IDT\WDM\sttray64.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-31 154648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-31 227352]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-31 202264]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-06-15 178712]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 225792]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
DPF: {A9CF3378-D60E-40A8-927D-7EA0D5B0AA98} - hxxp://webalbum.bonusprint.com/ukipc01/downloads//ImageUploader6.cab
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-10 - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Completion time: 2012-01-17 23:15:10
ComboFix-quarantined-files.txt 2012-01-17 23:15
ComboFix2.txt 2012-01-14 18:58
.
Pre-Run: 10,620,145,664 bytes free
Post-Run: 10,647,056,384 bytes free
.
- - End Of File - - DE19434856EC80F469BC40C61D5405BD

This is the HijackThis file:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:22:03, on 17/01/2012
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.19088)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\internet explorer\iexplore.exe
C:\Program Files (x86)\internet explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10q_ActiveX.exe
C:\Users\Daneka\AppData\Local\temp\Temp1_HijackThis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files (x86)\SiteAdvisor\6172\SiteAdv.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - .DEFAULT User Startup: kered.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\nwprovau.dll' missing
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {A9CF3378-D60E-40A8-927D-7EA0D5B0AA98} (Bonusprint Image Uploader Version 6.x Control) - http://webalbum.bonusprint.com/ukipc01/downloads//ImageUploader6.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: dlcg_device - Unknown owner - C:\Windows\system32\dlcgcoms.exe (file missing)
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files (x86)\SiteAdvisor\6172\SAService.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10649 bytes
 
About the pesky McAfee Program. The install date shows 2012-01-13 17:58:02 -------- d-----w- C:\Program Files\McAfee. The first scan has this date: mbam-log-2012-01-14 (08-48-36).txt
Did you have any antivirus program on the system before McAfee?
===========================================
Please run the following in the order I have them. Print out the list for your convenience. Please read all of the instructions before you begin:

it is important that you do not delete any files from your Temp folder or use any temp file cleaners.
Note: If #1, 2 or 3 do not apply to your current problems, you can skip that section. Please run all others.
1. Download Unhide.exe and save to the desktop.
  • Double-click on Unhide.exe icon to run the program.
  • This program will remove the +H, or hidden, attribute from all the files on your hard drives.
Note: This does not remove the malware- only the attribute that hides icons and programs. It is important that you continue.
================================
2. Boot into Safe Mode with Networking
  • Restart your computer and start pressing the F8 key on your keyboard.
  • Select the Safe Mode with Networking option when the Windows Advanced Opti; ons menu appears, using your up/down arrows to reach it and then press ENTER.
=======================================
3. To end the processes that belong to the rogue program:
Please click on RKill
  • At the download page, click on Download now button for iExplore.exe download link and save to the desktop
  • Double click on the iExplore.exe icon
    [o]Note: If you can't find the iExplore.exe icon, execute the program as follows based on your OS:
    For Windows 7/ Windows Vista: Start> type or copy/paste %userprofile%\desktop\iexplore.exe> Enter. If prompted, please allow.
  • Please be patient- it may take a bit.
  • The black Window will close when through and you can continue.
Note: If you get a message that RKilll is malware, ignore it> it's from the malware.
=======================================
Do not reboot your computer after runningRKilll as the malware programs will start again.
================================
4. This malware frequently comes with the TDSSrootkit, so do the following:
  • Download the file TDSSKiller.zip and save to the desktop.
    (If you are unable to download the file for some reason, then TDSS may be blocking it. You would then need to download it first to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.)
  • Right-click the tdsskiller.zip file> Select Extract All into a folder on the infected (or potentially infected) PC.
  • Double click on TDSSKiller.exe. to run the scan
  • When the scan is over, the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
  • Select the action Quarantine to quarantine detected objects.
    The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43
  • After clicking Next, the utility applies selected actions and outputs the result.
  • A reboot is required after disinfection.
====================================
If TDSSKiller requires you to reboot, please allow it to do so. After you reboot, reboot back into Safe Mode with Networking again
====================================
5. Update and rescan with Malwarebytes:
  • Select Perform Full Scan on the Scanner tab
  • Click on the Scan button.
  • When scan has finished, you will see this image:
    scan-finished.jpg
  • Click on OK to close box and continue.
  • Click on the Show Results button.
  • Click on the Remove Selected button to remove all the listed malware.
  • At end of malware removal, the scan log opens and displays in Notepad. Be sure to click on Format>Uncheck Word Wrap before copying the log to paste in your next reply.
==============================
6. Correct Display Changes if needed:
If the desktop background is black or if the theme has been removed:
For Windows XP: Click on Start> Control Panel> Display> change theme and/or background if needed.
For Windows Vista or Windows 7: Click on Start> Control Panel> Appearance & Personalization> Select Change Theme or Change Desktop Background
=====================================
7. Some items may not show on the Start menu. To add them back:
  • Right click on Start> Properties
  • Taskbar and Start Menu Properties screen appears
  • choose Start Menu tab> Click on Customize
  • For Windows XP> Choose Advanced tab
  • Check the items you want back on the Start Menu
  • When finished> click on OK> Apply and close.
====================================
You can now reboot back into Normal Mode
====================================
Please advise on how system is running when finished.
 
Hi, thank you...
Firstly,McAfee has been on my pc since I got it which was about 2.5yrs ago, but when all the problems started I thought it was because I'd allowed my subscription to lapse and as I had paid for 3 yrs cover I 're-installed' it so I think that's why it says that and I did a scan and it didn't find anything wrong hence why I came on here.

Secondly, I'm trying to run the RKill and it came up with an error and said it would close the program. I will paste the log below, did it work correctly?

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 20/01/2012 at 17:02:08.
Operating System: Windows (TM) Vista Home Premium


Processes terminated by Rkill or while it was running:

C:\Windows\SysWOW64\rundll32.exe


Rkill completed on 20/01/2012 at 17:02:11.
 
What did the RKill error say?

Have you tried going on with the instructions? Please do so.
 
Ok, I tried RKill again and no error came up.

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 22/01/2012 at 20:18:56.
Operating System: Windows (TM) Vista Home Premium


Processes terminated by Rkill or while it was running:



Rkill completed on 22/01/2012 at 20:18:59.


..........................................................................

This is the Malwarebytes log:
Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.22.03

Windows Vista Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.19088
Daneka :: DANEKA-PC [administrator]

Protection: Disabled

22/01/2012 20:23:33
mbam-log-2012-01-22 (20-23-33).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 350171
Time elapsed: 54 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Qoobox\Quarantine\C\Windows\assembly\temp\kwrd.dll.vir (PUP.BitMiner) -> Quarantined and deleted successfully.

(end)

I will reboot now in normal mode and check the internet for you.
 
Nothing new in Malwarebytes! That;a good thing!

Are still being redirected? Are there any other problems we haven't resolved? If yes, tell me what they are.
 
Hi, everything seems to be working absolutely fine. I've ditched my McAfee and gone with the Windows Free AVG thing until I get paid so I can buy something a bit more robust. In the past 2 days however, I have had two Trojan Viruses blocked. I'm also looking for an external hard-drive to store my music. I think that should sort everything.

I can't thank you enough, you're a star!!

D :)
 
You're welcome! Glad to help. I will add a star to my crown (giggle giggle!)

As long as the Trojans are getting blocked, the AV is doing it's job! There are thousands and thousands of malware scans every day, looking for unprotected systems.
---------------------
You might want to consider either of these:
[o]Antivirus :(only one):Both of the following programs are free and known to be good:
[o]Avira-AntiVir-Personal-Free-Antivirus
[o]Avast-Free Antivirus

and one of these:
[o]Firewall (only one): Use bi-directional firewall. Both of the following programs are free and known to be good:
[o]Comodo
[o]Zone Alarm
------------------------
Here are some other tips for added security and safer browsing: (Links are in Bold Blue)
  1. Browser Security
    [o] Safe Settings (Please ignore the suggestion to use the Registry Editor in this section "Creating a Custom Security Zone")
    [o] ZonedOut. This manages the Zones in Internet Explorer. (For IE7 and IE8, Windows 2000 thru Vista. No Windows 7)
    [o] Replace the Host Files
    [o] Google Toolbar Pop Up Blocker
    [o]Web of Trust (WOT) Site Advisor. Traffic-light rating symbols show which rate the site for Trustworthiness, Vendor Reliability, Privacy, Child Safety.
  2. Have layered Security:
    [o]Antivirus and Firewall above
  3. Antimalware: I recommend all of the following:
    [o]Spywareblaster: SpywareBlaster protects against bad ActiveX.
    [o]Spybot Search & Destroy
  4. Updates: Stay current:
    [o] Microsoft Download Site. All updates marked Critical and the current SP updates.
    [o]Adobe Reader Install current, uninstall old.
    [o]Java Updates Install current, uninstall old.
  5. Tracking Cookies
    Reset Cookie:
    [o]For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> check 'override automatic Cookie handling'> check 'accept first party Cookies'> check 'Block third party Cookies'> check 'allow per session Cookies'> Apply> OK.
    [o]For Firefox: Tools> Options> Privacy> Cookies> check ‘accept Cookies from Sites’> Uncheck 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')
    I suggest using the following two add-on for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
    AdBlock Plus
    Easy List
    [o]For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
  6. Do regular Maintenance
    Clean the temporary internet files often:
    [o] Temporary File Cleaner]
    or
    [o] ATF Cleaner by Atribune
  7. Restore Points:
    [o]See System Restore Guide
  8. Safe Email Handling
    [o] Don't open email from anyone you don't know.
    [o] Don't open Attachments in the email. Safe to your desktop and scan for viruses using a right click
    [o] Don't leave your personal email address on the internet. Have a separate email account at one of the free web-based emails like Yahoo.
Please let me know if you find any bad link.
=======================================
Since the malware problems have been resolved, go ahead with>
Removing all of the tools we used and the files and folders they created
  • Uninstall ComboFix and all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    CF_Uninstall-1.jpg
  • Download OTCleanIt by OldTimer and save it to your Desktop.
  • Double click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
-----
Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
------------------------------------------
  • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
  • Go to Start > All Programs > Accessories > System Tools
  • Click "System Restore".
  • Choose "Create a Restore Point" on the first screen then click "Next".
  • Give the Restore Point a name> click "Create".
  • Go back and follow the path to > System Tools.
    [*]Choose Disc Cleanup
    [*]Click "OK" to select the partition or drive you want.
    [*]Click the "More Options" Tab.
    [*]Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


Empty the Recycle Bin

Let me know if you have an questions.
 
You must log in or register to reply here.

Similar threads

uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
2K
uber_beetle
uber_beetle
wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
3K
Broni
Broni
A
Infected: Antivirus says it's Trojan:Script/Wacatac.H!ml
Replies
12
Views
3K
adidaman27
A

Latest posts

Back