Inactive System check virus, please help remove

MBAM Log

Running in safe mode w/networking, below is the log from Malwarebytes

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.10.01

Windows 7 Service Pack 1 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.7601.17514
Admin :: MAIN [administrator]

1/9/2012 9:07:48 PM
mbam-log-2012-01-09 (21-07-48).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 245745
Time elapsed: 10 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|oklbxWqyXCYA.exe (Rogue.FakeHDD) -> Data: C:\ProgramData\oklbxWqyXCYA.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 11
C:\ProgramData\oklbxWqyXCYA.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
C:\ProgramData\iEQu3AI1egu1eN.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-2906683688-78787508-1238319441-1006\Dc3070.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-2906683688-78787508-1238319441-1006\Dc3083.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-2906683688-78787508-1238319441-1006\Dc2939.0-AiR\Setup.exe (Trojan.Chifrax) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-57989841-308236825-839522115-1003\Dc1\Keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-57989841-308236825-839522115-1003\Dc2\Keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
C:\Users\Admin\AppData\Local\Temp\ICReinstall\PDFConverterSetup[1].exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\RECYCLER\ADAPT_Installer.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Admin\AppData\Local\Temp\kilslmd.exex (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Admin\AppData\Local\Temp\ppddfcfux.exxe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

(end)
 
GMER Log

Run in safe mode w/networking

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-10 06:28:24
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdePort0 ST3160815AS rev.3.ADA
Running: g6bm1et1.exe; Driver: C:\Users\Admin\AppData\Local\Temp\pxldypog.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13D1 82640369 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82679D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? System32\drivers\jntqrwk.sys The system cannot find the path specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[896] kernel32.dll!WriteFile 75C553EE 5 Bytes JMP 000A000A
.text C:\Windows\system32\svchost.exe[896] USER32.dll!GetCursorPos 7575A4B3 5 Bytes JMP 0064000A
.text C:\Windows\system32\svchost.exe[896] USER32.dll!GetForegroundWindow 7576335D 5 Bytes JMP 0066000A
.text C:\Windows\system32\svchost.exe[896] USER32.dll!WindowFromPoint 75786BE9 5 Bytes JMP 0065000A
.text C:\Windows\system32\svchost.exe[896] ole32.dll!CoCreateInstance 75AD9D0B 5 Bytes JMP 0042000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1196] USER32.dll!CreateWindowExW 7575EC7C 5 Bytes JMP 6F603894 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1196] USER32.dll!DialogBoxParamW 75773B9B 5 Bytes JMP 6F537F51 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1196] USER32.dll!DialogBoxIndirectParamW 75783B7F 5 Bytes JMP 6F73DF28 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1196] USER32.dll!DialogBoxParamA 7579CF42 5 Bytes JMP 6F73DEC5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1196] USER32.dll!DialogBoxIndirectParamA 7579D274 5 Bytes JMP 6F73DF8B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1196] USER32.dll!MessageBoxIndirectA 757AE869 5 Bytes JMP 6F73DE5A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1196] USER32.dll!MessageBoxIndirectW 757AE963 5 Bytes JMP 6F73DDEF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1196] USER32.dll!MessageBoxExA 757AE9C9 5 Bytes JMP 6F73DD8D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1196] USER32.dll!MessageBoxExW 757AE9ED 5 Bytes JMP 6F73DD2B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2004] USER32.dll!CallNextHookEx 7575ABE1 5 Bytes JMP 6F573CA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2004] USER32.dll!UnhookWindowsHookEx 7575ADF9 5 Bytes JMP 6F62D90F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2004] USER32.dll!SetWindowsHookExW 7575E30C 5 Bytes JMP 6F5C7DD1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2004] USER32.dll!CreateWindowExW 7575EC7C 5 Bytes JMP 6F603894 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2004] USER32.dll!DialogBoxParamW 75773B9B 5 Bytes JMP 6F537F51 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2004] USER32.dll!DialogBoxIndirectParamW 75783B7F 5 Bytes JMP 6F73DF28 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2004] USER32.dll!DialogBoxParamA 7579CF42 5 Bytes JMP 6F73DEC5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2004] USER32.dll!DialogBoxIndirectParamA 7579D274 5 Bytes JMP 6F73DF8B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2004] USER32.dll!MessageBoxIndirectA 757AE869 5 Bytes JMP 6F73DE5A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2004] USER32.dll!MessageBoxIndirectW 757AE963 5 Bytes JMP 6F73DDEF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2004] USER32.dll!MessageBoxExA 757AE9C9 5 Bytes JMP 6F73DD8D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2004] USER32.dll!MessageBoxExW 757AE9ED 5 Bytes JMP 6F73DD2B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2004] ole32.dll!OleLoadFromStream 75A96143 5 Bytes JMP 6F73E27B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2004] ole32.dll!CoCreateInstance 75AD9D0B 5 Bytes JMP 6F603422 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2536] USER32.dll!CallNextHookEx 7575ABE1 5 Bytes JMP 6F573CA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2536] USER32.dll!UnhookWindowsHookEx 7575ADF9 5 Bytes JMP 6F62D90F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2536] USER32.dll!SetWindowsHookExW 7575E30C 5 Bytes JMP 6F5C7DD1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2536] USER32.dll!CreateWindowExW 7575EC7C 5 Bytes JMP 6F603894 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2536] USER32.dll!DialogBoxParamW 75773B9B 5 Bytes JMP 6F537F51 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2536] USER32.dll!DialogBoxIndirectParamW 75783B7F 5 Bytes JMP 6F73DF28 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2536] USER32.dll!DialogBoxParamA 7579CF42 5 Bytes JMP 6F73DEC5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2536] USER32.dll!DialogBoxIndirectParamA 7579D274 5 Bytes JMP 6F73DF8B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2536] USER32.dll!MessageBoxIndirectA 757AE869 5 Bytes JMP 6F73DE5A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2536] USER32.dll!MessageBoxIndirectW 757AE963 5 Bytes JMP 6F73DDEF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2536] USER32.dll!MessageBoxExA 757AE9C9 5 Bytes JMP 6F73DD8D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2536] USER32.dll!MessageBoxExW 757AE9ED 5 Bytes JMP 6F73DD2B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2536] ole32.dll!OleLoadFromStream 75A96143 5 Bytes JMP 6F73E27B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2536] ole32.dll!CoCreateInstance 75AD9D0B 5 Bytes JMP 6F603422 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe[1264] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [0103A510] C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
IAT C:\Windows\Explorer.EXE[1484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [739D2437] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [739B5600] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [739B56BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [739D24B2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [739C8514] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [739C4CC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [739C506F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [739C5144] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [739C6671] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [739C826B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [739C87BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [739C901B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [739CE1BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [739C4BFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000051 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----
 
DDS Log

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514
Run by Admin at 10:50:31 on 2012-01-10
Microsoft Windows 7 Ultimate N 6.1.7601.1.1252.1.1033.18.3061.1452 [GMT -6:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\System32\M-AudioTaskBarIcon.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Update\Install\{409A5E27-934D-46A9-BBF0-7C2FA5221151}\GoogleToolbarInstaller_updater_signed.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\ProgramData\WeCareReminder\ReminderHelper.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\mmc.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/webhp?sourceid=navclient&ie=UTF-8&rlz=1T4GGLL_enUS366US366
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uURLSearchHooks: H - No File
mURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFree.dll
BHO: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFree.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mif5ba~1\office14\GROOVEEX.DLL
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120108135843.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mif5ba~1\office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: MP3 Rocket Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - c:\programdata\wecarereminder\IEHelperv2.5.0.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - g:\program files\java\jre6\bin\jp2ssv.dll
BHO: Microsoft Web Test Recorder 10.0 Helper: {dda57003-0068-4ed2-9d32-4d1ec707d94d} - g:\program files\microsoft visual studio 10.0\common7\ide\privateassemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers runtime\YontooIEClient.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: MP3 Rocket Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFree.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: Web Test Recorder 10.0: {5802d092-1784-4908-8cdb-99b6842d353d} - mscoree.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [<NO NAME>]
uRun: [SsAAD.exe] g:\progra~1\sony\SsAAD.exe
uRun: [PhotoJoy] c:\program files\photojoy\bin\PhotoJoy.exe /c
uRun: [iCloudServices] c:\program files\common files\apple\internet services\iCloudServices.exe
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [M-Audio Taskbar Icon] c:\windows\system32\M-AudioTaskBarIcon.exe
mRun: [DigidesignMMERefresh] g:\program files\digidesign\digidesign\drivers\MMERefresh.exe
mRun: [Adobe Photo Downloader] "g:\program files\adobe\photoshop elements 4.0\apdproxy.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "g:\program files\scansoft\omnipagese4.0\OpwareSE4.exe"
mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Freecorder FLV Service] "g:\program files\freecorder\FLVSrvc.exe" /run
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [TkBellExe] "g:\program files\update\realsched.exe" -osboot
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [eFnStcmpnllsRFa.exe] c:\programdata\eFnStcmpnllsRFa.exe
StartupFolder: c:\users\admin\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\admin\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\admin\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~2.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\mif5ba~1\office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {38E51477-DDB4-4aed-9D61-D0C193E10749} - {38E51477-DDB4-4aed-9D61-D0C193E10749} - g:\program files\mp4-converter\YouTubeRipper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - g:\progra~1\micros~1\office11\REFIEBAR.DLL
Trusted Zone: dell.com\ausctrxw004.aus.amer
Trusted Zone: dell.com\ausctrxw03.aus.amer
Trusted Zone: dell.com\pool_rim_itaas4_pc1.us
Trusted Zone: skillport.com
Trusted Zone: skillwsa.com
Trusted Zone: usps.com\sss-web
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {462D5053-2D60-4022-B583-7E34AA0F90B7} - hxxps://itaas5.dell.com/servlets/activex/popupmenu.cab
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {BDEB0088-66F9-4A55-ABD2-0BF8DEEC1196} - hxxps://itaas5.dell.com/servlets/activex/teechart8.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{2FCB8A38-EC56-452D-82AC-C15B4874EB6E} : DhcpNameServer = 209.18.47.61 209.18.47.62
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~3\GO36F4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mif5ba~1\office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2012-01-10 03:06:34 -------- d-----w- c:\users\admin\appdata\roaming\Malwarebytes
2012-01-10 03:06:26 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-10 03:06:26 -------- d-----w- c:\programdata\Malwarebytes
2012-01-10 03:06:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-01 00:41:37 737072 ----a-w- c:\programdata\microsoft\ehome\packages\sportsv2\sportstemplatecore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-12-23 21:01:23 -------- d-----w- c:\program files\iPod
2011-12-23 21:01:21 -------- d-----w- c:\program files\iTunes
2011-12-15 05:18:41 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-15 05:18:41 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
.
==================== Find3M ====================
.
2011-12-09 16:44:26 60304 ----a-w- c:\users\admin\g2mdlhlpx.exe
2011-11-24 04:25:27 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-11-05 04:35:00 981504 ----a-w- c:\windows\system32\wininet.dll
2011-11-05 04:26:03 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 02:48:51 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-29 14:11:33 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-26 04:28:12 38912 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-24 20:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 20:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-15 19:16:16 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-10-15 19:16:16 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-10-15 19:16:16 64880 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-10-15 19:16:16 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-10-15 19:16:16 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-10-15 19:16:16 464176 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-10-15 19:16:16 338176 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-10-15 19:16:16 180816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-10-15 19:16:16 165680 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-10-15 19:16:16 121256 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-10-15 05:38:59 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-10-13 03:56:20 737280 ----a-w- c:\windows\iun6002.exe
.
============= FINISH: 10:59:04.33 ===============
 
DDS Attach Log

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate N
Boot Device: \Device\HarddiskVolume1
Install Date: 2/12/2010 11:32:40 PM
System Uptime: 1/10/2012 10:41:03 AM (0 hours ago)
.
Motherboard: Dell Inc. | | 0CU409
Processor: Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz | Socket 775 | 2331/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 13.776 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
PNP Device ID: ROOT\NET\0000
Service: vpnva
.
==== System Restore Points ===================
.
RP261: 1/9/2012 5:59:25 PM - Jan 9 After deleting "System Check" virus
.
==== Installed Programs ======================
.
"Nero SoundTrax Help
µTorrent
2007 Microsoft Office Suite Service Pack 2 (SP2)
50 FREE MP3s +1 Free Audiobook!
Acrobat.com
Adobe AIR
Adobe Community Help
Adobe Dreamweaver CS5
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Help Center 2.0
Adobe Media Player
Adobe Photoshop CS5
Adobe Photoshop Elements 4.0
Adobe Reader X (10.1.1)
Adobe Shockwave Player 11.6
Advertising Center
AltoMP3 Gold 5.20
AnalogX Vocal Remover
AnkhSVN 2.1.8420.8
Any DWG to Image Converter 2010
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Applian Director
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
Ask Toolbar
ASPCA TriMini Reminder by We-Care.com v5.0.2.1
AutoCAD 2010 - English
AutoCAD 2010 Language Pack - English
Autodesk DWF Viewer
AvalonDock 1.2 (Build 2691) (1.2.2691)
AVS Document Converter 2.1.2
AVS Screen Capture version 2.0.1
AVS Update Manager 1.0
AVS Video Editor 6
AVS Video Recorder 2.4
AVS Video ReMaker 4.0.8.140
AVS4YOU Software Navigator 1.4
Bing Bar
Bonjour
Canon MP Navigator 2.2
Canon MP830
Canon Utilities Easy-PhotoPrint
CCScore
Cisco AnyConnect VPN Client
Citrix XenApp Web Plugin
Click to Call with Skype
Conduit Engine
Coupon Printer for Windows
Crystal Reports Basic for Visual Studio 2008
Crystal Reports for Visual Studio
D3DX10
DB CIF Cam
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Digidesign Free Bomb Factory Plug-Ins 7.4
Digidesign Pro Tools M-Powered 7.4cs10
Digidesign Shared Plug-Ins 7.4
Disney Micro
Disney Pix Micro Downloader
DolbyFiles
Dotfuscator Software Services - Community Edition
DriveWare 2.6.2
Dropbox
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
exPressit S.E. 2.2
FLAC To MP3 V4.0.4
FoxTab PDF Converter
Free PDF to Word Doc Converter v1.1
Freecorder 5
Freecorder Toolbar
G2
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
Google Chrome
Google Desktop
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
GoToMeeting 5.1.0.873
Hit'n'Mix Play
Hollywood Pets v1.3
Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB971091)
Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB973674)
Hotfix for Microsoft Visual Studio 2010 Ultimate - ENU (KB2542054)
Hotfix for Microsoft Visual Studio 2010 Ultimate - ENU (KB982218)
iCloud
ImagXpress
Intel(R) Graphics Media Accelerator Driver
Intel(R) TV Wizard
Interlok driver setup x32
Internet TV for Windows Media Center
iTunes
iZotope RX
Java Auto Updater
Java(TM) 6 Update 24
Java(TM) SE Runtime Environment 6 Update 1
Junk Mail filter update
Karaoke Anything!
Kodak EasyShare software
M-Audio MobilePre Driver 6.0.1 (x86)
Malwarebytes Anti-Malware version 1.60.0.1800
McAfee Total Protection
Menu Templates - Starter Kit
Mesh Runtime
Messenger Companion
Microsoft .NET Compact Framework 2.0 SP2
Microsoft .NET Compact Framework 3.5
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 2
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
Microsoft Document Explorer 2008
Microsoft Expression Blend 3 SDK
Microsoft Expression Blend 4
Microsoft Expression Blend SDK for .NET 4
Microsoft Expression Blend SDK for Silverlight 4
Microsoft Expression Design 4
Microsoft Expression Encoder 4 Pro
Microsoft Expression Encoder 4 Screen Capture Codec
Microsoft Expression Studio 4
Microsoft Expression Web 4
Microsoft F# Runtime for Silverlight 4
Microsoft Help Viewer 1.0
Microsoft IntelliPoint 8.1
Microsoft IntelliType Pro 8.0
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Communicator 2007
Microsoft Office Excel MUI (English) 2010
Microsoft Office File Validation Add-In
Microsoft Office FrontPage 2003
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Live Add-in 1.4
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
Microsoft Office Ultimate 2007
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Office Word MUI (English) 2010
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft Silverlight 4 SDK
Microsoft Silverlight Tools for Visual Studio 2010
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server 2008 R2 Data-Tier Application Framework
Microsoft SQL Server 2008 R2 Data-Tier Application Project
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 R2 Transact-SQL Language Service
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Compact 3.5 Design Tools ENU
Microsoft SQL Server Compact 3.5 for Devices ENU
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Database Publishing Wizard 1.2
Microsoft SQL Server Database Publishing Wizard 1.4
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server System CLR Types
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime v1.0 SP1 (x86)
Microsoft Sync Framework SDK v1.0 SP1
Microsoft Sync Framework Services v1.0 SP1 (x86)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x86)
Microsoft Team Foundation Server 2010 Object Model - ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
Microsoft Visual F# 2.0 Runtime
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2008 Professional Edition - ENU
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 Office Developer Tools (x86)
Microsoft Visual Studio 2010 Performance Collection Tools - ENU
Microsoft Visual Studio 2010 SharePoint Developer Tools
Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
Microsoft Visual Studio 2010 Ultimate - ENU
Microsoft Visual Studio Macro Tools
Microsoft Visual Studio Web Authoring Component
Microsoft Web Platform Installer 2.0
Microsoft Windows Media Video 9 VCM
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
Microsoft Windows SDK for Visual Studio 2008 Tools
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MobileMe Control Panel
Movie Templates - Starter Kit
Mozilla Firefox 8.0.1 (x86 en-US)
MP3 Rocket
MP4-Converter 4.1.0
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NCH Toolbox
Neodynamic Barcode Professional 3.0 for WPF
Nero 9
Nero BurningROM
Nero BurnRights
Nero ControlCenter
Nero CoverDesigner
Nero CoverDesigner Help
Nero Disc Copy Gadget
Nero Disc Copy Gadget Help
Nero DiscSpeed
Nero DriveSpeed
Nero Express
Nero InfoTool
Nero Installer
Nero Live
Nero Live Help
Nero PhotoSnap
Nero PhotoSnap Help
Nero Recode
Nero Recode Help
Nero Rescue Agent
Nero RescueAgent Help
Nero ShowTime
Nero StartSmart
Nero StartSmart Help
Nero Vision
Nero WaveEditor
Nero WaveEditor Help
NeroBurningROM
NeroExpress
neroxml
netbrdg
Nikon Message Center
Nikon Transfer
Nikon View 6
Notepad++
NTI Shadow
OfotoXMI
OGA Notifier 2.0.0048.0
OpenMG Limited Patch 4.6-06-09-04-01
OpenMG Secure Module 4.6.00
OverDrive Media Console
Paint.NET v3.5.10
PDF Manual NW-S600/S700F Series
PDF Settings CS5
PENonPC
Picture Control Utility
PowerISO
Presto! PageManager 7.15.14
Prism Video File Converter
Pure Sudoku 1.52
QuickBooks Premier: Retail Edition 2006
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
REAPER
Replay Video Capture
Safari
ScanSoft OmniPage SE 4.0
Search Toolbar
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553353) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visual Studio 2010 Ultimate - ENU (KB2251489)
SFR
SHASTA
Simple Sudoku 4.1
skin0001
SKINXSDK
SonicStage 4.1
SoundTrax
staticcr
Switch Sound File Converter
swMSM
System Requirements Lab for Intel
TC Bundle v2.0
TC Native Reverb
TortoiseSVN 1.6.8.19260 (32 bit)
TreeSize Free V2.5
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
VBA (2627.01)
VC Runtimes MSI
VideoPad Video Editor
ViewNX
Visual Studio 2005 Tools for Office Second Edition Runtime
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
Visual Studio Tools for the Office system 3.0 Runtime
VisualSVN Server 2.1.2
Vo300 USB Internet Speakerphone
Vogone Demo
VPRINTOL
Waves Native Gold Bundle v3.01
WCF RIA Services V1.0 for Visual Studio 2010
Web Deployment Tool
WebEx
Winamp
Winamp Detector Plug-in
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Center Add-in for Flash
Windows Mobile 5.0 SDK R2 for Pocket PC
Windows Mobile 5.0 SDK R2 for Smartphone
WinMerge 2.12.4
WinRAR archiver
WIRELESS
WPF Toolkit February 2010 (Version 3.5.50211.1)
Yamaha LS9 Editor
Yamaha M7CL V3 Editor
Yamaha Studio Manager
Yontoo Layers Runtime 1.10.01
Zinio Alert Messenger
Zinio Reader 4
.
==== Event Viewer Messages From Past Week ========
.
1/9/2012 9:31:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
1/9/2012 9:31:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
1/9/2012 9:30:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
1/9/2012 9:30:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
1/9/2012 9:27:58 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
1/9/2012 9:27:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
1/9/2012 9:27:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
1/9/2012 9:27:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/9/2012 9:27:38 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache SCDEmu spldr Wanarpv6
1/9/2012 9:27:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
1/9/2012 9:27:21 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x82845fe8, 0x8c023864, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 010912-28002-01.
1/9/2012 8:14:16 AM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: A thread could not be created for the service.
1/9/2012 8:03:22 AM, Error: Service Control Manager [7023] - The Multimedia Class Scheduler service terminated with the following error: Not enough storage is available to process this command.
1/9/2012 6:42:21 AM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
1/9/2012 6:42:21 AM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
1/9/2012 6:19:16 PM, Error: Disk [11] - The driver detected a controller error on \...\DR3.
1/9/2012 6:05:32 PM, Error: Service Control Manager [7024] - The VisualSVN Server service terminated with service-specific error Incorrect function..
1/9/2012 6:05:17 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x832afca0, 0x8db23b4c, 0x8db23730). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 010912-34335-01.
1/9/2012 5:29:26 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
1/9/2012 5:25:30 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service.
1/9/2012 5:25:30 PM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/8/2012 7:58:56 PM, Error: AeLookupSvc [1] - The Application Experience Lookup service failed to initialize.
1/8/2012 1:25:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
1/10/2012 10:41:38 AM, Error: Service Control Manager [7024] - The SQL Server (SQLEXPRESS) service terminated with service-specific error WARNING: You have until SQL Server (SQLEXPRESS) to logoff. If you have not logged off at this time, your session will be disconnected, and any open files or devices you have open may lose data..
1/10/2012 10:41:38 AM, Error: Service Control Manager [7000] - The VisualSVN Server service failed to start due to the following error: The system cannot find the file specified.
1/10/2012 10:41:35 AM, Error: Service Control Manager [7000] - The Digidesign MME Refresh Service service failed to start due to the following error: The system cannot find the file specified.
1/10/2012 10:40:15 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
1/10/2012 1:03:25 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaSvc with arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}
.
==== End Of File ===========================
 
Welcome to TechSpot! I'll help with the malware.

How do you know you have the rogue System Check? What is happening (symptoms) to you on the system? There are several very active rogue programs which give some similar symptoms, but they do not all have the same fixes.

You do have malware to be removed, including a rootkit on the MBR in addition to other infective processes. It appears that you have a history of using cracks and keygens; that is always a straight path to malware!
==========================================
There is another log from DDS. It is named Attach.txt. It is not clear if you found this: Steps for the Preliminary Virus and Malware Removal. It instructs you to paste the log in and not zip it. Please include that in your next reply.
=======================================
Please run the following in Normal Mode. If you need to switch to Safe Mode with Networking, I will advise you. If you cannot access the internet, you will need to advise me.
-----------------------------------
Please download MBRCheck and save to your desktop
  • Double click on MBRCheck.exe to run. (Vista and Windows 7 users will have to confirm the UAC prompt)
  • It will show a black screen with some information that will contain either the below line if no problem is found:
    Done! Press ENTER to exit...
  • Or you will see more information like below if a problem is found:
    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  • Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
  • MBRCheck will create a log named similar to MBRCheck_07.16.10_00.32.33.txt; the name is based on the date and time.
  • Paste this log to your next message.
===========================================
Download CKScanner and save to your desktop.
  • Double-click CKScanner.exe and click Search For Files.
  • When the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
=====================================
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Expect these, they are normal:
1. If asked to install or update the Recovery Console, allow. (You will need an internet connection for this.)
2. Before you run the Combofix scan, please disable any security software you have running.
3. Combofix may need to reboot your computer more than once to do its job; this is normal.

Download Combofix from HERE or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • If prompted for Recovery Console, please allow.
  • Once installed, you should see a blue screen prompt that says:
    • The Recovery Console was successfully installed.
    • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install; just bypass and go on.
    • Note: No query will be made if the Recovery Console is already on the system.
  • Close/disable all anti virus and anti malware programs
    (If you need help with this, please see HERE)
  • Close any open browsers.
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • When the scan completes, a report will be generated and it will open in a text window. Please paste the C:\ComboFix.txt in your next reply.
Re-enable your Antivirus software.
Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
Note 3: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
=====================================
To run the Eset Online Virus Scan:
If you use Internet Explorer:
  1. Open the ESET Online Scan
  2. Skip to #4 to "Continue with the directions"
If you are using a browser other than Internet Explorer:
  3. Open Eset Smart Installer
    • Click on the esetsmartinstaller_enu.exe link and save to the desktop.
    • Double click on the desktop icon to run.
    • After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new window.
  4. Continue with the directions.
  5. Check 'Yes I accept terms of use.'
  6. Click the Start button.
  7. Accept any security warnings from your browser.
  8. Uncheck 'Remove found threats'
  9. Check 'Scan archives'
  10. Leave remaining settings as is.
  11. Press the Start button.
  12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  13. When the scan completes, press List of found threats
  14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  15. Push the Back button, then Finish
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
==============================================
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • Follow the order of the tasks I give you. Order is crucial in cleaning process.
  • File sharing programs should be uninstalled or disabled during the cleaning process.
  • Observe these:
    • Don't use any other cleaning programs or scans while I'm helping you.
    • Don't use a Registry cleaner or make any changes in the Registry.
    • Don't download and install new programs, except those I give you.
  • Please let me know if there is any change in the system.
If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
=====================================
 
Hi Bobbye, Thanks very much for helping me with this. I believe I have the System Check virus because the symptoms match what I've seen on other posts. Plus, that's the name of the new icon on my desktop. Symptoms include:

All files on all drives were hidden
Desktop cleared of all icons except System Check icon
System Check icon on the desktop
Loads of popups telling me of various problems
Shortcuts to all start menu items are gone

I tried to fix this myself by updating McAfee and doing a full scan. That worked for a day or so, then I was doing some indexing and it popped back up in full force. I did a shut down and got a screen telling me to wait for system updates to complete. This is the same message I've seen for valid Microsoft updates. I forced the reboot and came up in safe/networking mode and started through the five steps recommended for preliminary work.

The "attach.txt" log is in the post just before your post. I put the subject line as "DDS Attach Log". It's pasted, not attached.
I'll go run MBRCheck and be back in a minute. Thanks again!
 
MBRCheck Log

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7
Windows Information: Service Pack 1 (build 7601), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Vostro 200
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 160):
0x83205000 \SystemRoot\system32\ntkrnlpa.exe
0x83617000 \SystemRoot\system32\halmacpi.dll
0x86DA3000 \SystemRoot\system32\kdcom.dll
0x8382A000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x838AF000 \SystemRoot\system32\PSHED.dll
0x838C0000 \SystemRoot\system32\BOOTVID.dll
0x838C8000 \SystemRoot\system32\CLFS.SYS
0x8390A000 \SystemRoot\system32\CI.dll
0x83A04000 \SystemRoot\system32\drivers\Wdf01000.sys
0x83A75000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x83A83000 \SystemRoot\system32\drivers\ACPI.sys
0x83ACB000 \SystemRoot\system32\drivers\WMILIB.SYS
0x83AD4000 \SystemRoot\system32\drivers\msisadrv.sys
0x83ADC000 \SystemRoot\system32\drivers\pci.sys
0x83B06000 \SystemRoot\system32\drivers\vdrvroot.sys
0x83B11000 \SystemRoot\System32\drivers\partmgr.sys
0x83B22000 \SystemRoot\system32\drivers\volmgr.sys
0x83B32000 \SystemRoot\System32\drivers\volmgrx.sys
0x83B7D000 \SystemRoot\system32\drivers\pciide.sys
0x83B84000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x83B92000 \SystemRoot\System32\drivers\mountmgr.sys
0x83BA8000 \SystemRoot\system32\drivers\vmbus.sys
0x83BD2000 \SystemRoot\system32\drivers\winhv.sys
0x83BE4000 \SystemRoot\system32\drivers\atapi.sys
0x839B5000 \SystemRoot\system32\drivers\ataport.SYS
0x83BED000 \SystemRoot\system32\drivers\amdxata.sys
0x8B800000 \SystemRoot\system32\drivers\fltmgr.sys
0x8B834000 \SystemRoot\system32\drivers\fileinfo.sys
0x8B845000 \SystemRoot\system32\drivers\mfehidk.sys
0x8B8B4000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x8B8B9000 \SystemRoot\System32\Drivers\TPkd.sys
0x8BA01000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8BB30000 \SystemRoot\System32\Drivers\msrpc.sys
0x8BB5B000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8BB6E000 \SystemRoot\System32\Drivers\cng.sys
0x8BBCB000 \SystemRoot\System32\drivers\pcw.sys
0x8BBD9000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8B8D7000 \SystemRoot\system32\drivers\ndis.sys
0x8B98E000 \SystemRoot\system32\drivers\NETIO.SYS
0x8B9CC000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8BC3B000 \SystemRoot\System32\drivers\tcpip.sys
0x8BD85000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8BDB6000 \SystemRoot\system32\drivers\mfewfpk.sys
0x8BDDD000 \SystemRoot\system32\drivers\vmstorfl.sys
0x8BE14000 \SystemRoot\system32\drivers\volsnap.sys
0x8BE53000 \SystemRoot\System32\Drivers\spldr.sys
0x8BE5B000 \SystemRoot\System32\drivers\rdyboost.sys
0x8BE88000 \SystemRoot\System32\Drivers\mup.sys
0x8BE98000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8BEA0000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8BED2000 \SystemRoot\system32\DRIVERS\disk.sys
0x8BEE3000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x8BF3A000 \SystemRoot\system32\drivers\cdrom.sys
0x8BF59000 \SystemRoot\System32\Drivers\Null.SYS
0x8BF60000 \SystemRoot\System32\Drivers\Beep.SYS
0x8BF67000 \SystemRoot\System32\drivers\vga.sys
0x8BF73000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8BF94000 \SystemRoot\System32\drivers\watchdog.sys
0x8BFA1000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8BFA9000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8BFB1000 \SystemRoot\system32\drivers\rdprefmp.sys
0x8BFB9000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8BFC4000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8BFD2000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8BFE9000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8BC00000 \SystemRoot\System32\DRIVERS\netbt.sys
0x9180A000 \SystemRoot\system32\drivers\afd.sys
0x91864000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x9186B000 \SystemRoot\system32\DRIVERS\pacer.sys
0x9188A000 \SystemRoot\system32\DRIVERS\mfenlfk.sys
0x91899000 \SystemRoot\system32\DRIVERS\netbios.sys
0x918A7000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x918BA000 \SystemRoot\system32\drivers\termdd.sys
0x918CB000 \SystemRoot\System32\Drivers\SCDEmu.SYS
0x918D6000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x91917000 \SystemRoot\system32\drivers\nsiproxy.sys
0x91921000 \SystemRoot\system32\drivers\mssmbios.sys
0x9192B000 \SystemRoot\System32\drivers\discache.sys
0x91937000 \SystemRoot\system32\drivers\csc.sys
0x9199B000 \SystemRoot\System32\Drivers\dfsc.sys
0x919B3000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x919C1000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x919E2000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x9242E000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x92937000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x92C12000 \SystemRoot\System32\drivers\dxgmms1.sys
0x92C4B000 \SystemRoot\system32\DRIVERS\e1e6032.sys
0x92C83000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x92C8E000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x92CD9000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x92CE8000 \SystemRoot\system32\drivers\HDAudBus.sys
0x92D07000 \SystemRoot\system32\drivers\1394ohci.sys
0x92D34000 \SystemRoot\system32\DRIVERS\fdc.sys
0x92D3F000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x92D45000 \SystemRoot\system32\drivers\CompositeBus.sys
0x92D52000 \SystemRoot\system32\drivers\MP4ConverterAudio.sys
0x92D5C000 \SystemRoot\system32\drivers\portcls.sys
0x92D8B000 \SystemRoot\system32\drivers\drmk.sys
0x92DA4000 \SystemRoot\system32\drivers\ks.sys
0x92DD8000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x92400000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x92DEA000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x839D8000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8BDE6000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8BBE2000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x83800000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x92DF5000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x92C00000 \SystemRoot\system32\drivers\kbdclass.sys
0x92418000 \SystemRoot\system32\drivers\mouclass.sys
0x92C0D000 \SystemRoot\system32\drivers\swenum.sys
0x929EE000 \SystemRoot\system32\DRIVERS\umbus.sys
0x9220A000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x9224E000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x9225F000 \SystemRoot\system32\drivers\HdAudio.sys
0x922AF000 \SystemRoot\system32\drivers\mfeavfk.sys
0x922DA000 \SystemRoot\system32\drivers\mfefirek.sys
0x9232B000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x92336000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x92338000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x9AD60000 \SystemRoot\System32\win32k.sys
0x9234F000 \SystemRoot\System32\drivers\Dxapi.sys
0x92359000 \SystemRoot\system32\DRIVERS\usbscan.sys
0x92367000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x9237E000 \SystemRoot\System32\Drivers\crashdmp.sys
0x9238B000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x92396000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x9239F000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x923B0000 \SystemRoot\system32\drivers\hidusb.sys
0x923BB000 \SystemRoot\system32\drivers\HIDCLASS.SYS
0x923CE000 \SystemRoot\system32\drivers\HIDPARSE.SYS
0x923D5000 \SystemRoot\system32\drivers\kbdhid.sys
0x923E1000 \SystemRoot\system32\DRIVERS\monitor.sys
0x9AFC0000 \SystemRoot\System32\TSDDD.dll
0x923EC000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x923F7000 \SystemRoot\system32\DRIVERS\point32.sys
0x9AC00000 \SystemRoot\System32\cdd.dll
0x9AC20000 \SystemRoot\System32\ATMFD.DLL
0x8BF08000 \SystemRoot\system32\drivers\luafv.sys
0x94609000 \SystemRoot\system32\drivers\WudfPf.sys
0x94623000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x94633000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x94646000 \SystemRoot\system32\drivers\HTTP.sys
0x946CB000 \SystemRoot\system32\DRIVERS\bowser.sys
0x946E4000 \SystemRoot\System32\drivers\mpsdrv.sys
0x946F6000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x94719000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x94754000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9FA29000 \SystemRoot\system32\drivers\peauth.sys
0x9FAC0000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9FACA000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9FAEB000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9FB23000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9FB73000 \SystemRoot\System32\DRIVERS\srv.sys
0x9FBC5000 \SystemRoot\system32\drivers\mfebopk.sys
0x9FBD2000 \SystemRoot\system32\drivers\cfwids.sys
0x9FBDF000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x9FBE8000 \??\C:\Users\Admin\AppData\Local\Temp\mbr.sys
0x77730000 \Windows\System32\ntdll.dll
0x48000000 \Windows\System32\smss.exe
0x77970000 \Windows\System32\apisetschema.dll

Processes (total 75):
0 System Idle Process
4 System
320 C:\Windows\System32\smss.exe
480 csrss.exe
532 C:\Windows\System32\wininit.exe
540 csrss.exe
592 C:\Windows\System32\services.exe
624 C:\Windows\System32\winlogon.exe
632 C:\Windows\System32\lsass.exe
640 C:\Windows\System32\lsm.exe
772 C:\Windows\System32\svchost.exe
852 C:\Windows\System32\svchost.exe
956 C:\Windows\System32\svchost.exe
1012 C:\Windows\System32\svchost.exe
1056 C:\Windows\System32\svchost.exe
1244 C:\Windows\System32\svchost.exe
1360 C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
1396 C:\Windows\System32\svchost.exe
1528 C:\Windows\System32\spoolsv.exe
1560 C:\Windows\System32\svchost.exe
1656 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
1680 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1708 C:\Program Files\Bonjour\mDNSResponder.exe
1768 C:\Windows\System32\svchost.exe
1820 C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
1864 C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
1880 C:\Windows\System32\rundll32.exe
1960 C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe
2040 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
416 C:\Program Files\Microsoft\BingBar\SeaPort.EXE
528 C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
716 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
1212 C:\Windows\System32\svchost.exe
1776 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
112 C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
308 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
2088 C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
2356 C:\Windows\System32\taskhost.exe
2424 C:\Windows\System32\dwm.exe
2568 C:\Windows\explorer.exe
3212 C:\Program Files\McAfee.com\Agent\mcagent.exe
3244 C:\Windows\System32\M-AudioTaskBarIcon.exe
3264 C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
3280 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
3296 C:\Windows\System32\hkcmd.exe
3304 C:\Windows\System32\igfxpers.exe
3328 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
3336 C:\Program Files\Microsoft IntelliType Pro\itype.exe
3344 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
3404 C:\Program Files\iTunes\iTunesHelper.exe
3412 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3420 C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
3500 C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
3736 C:\Windows\System32\svchost.exe
3996 C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
4028 C:\Windows\System32\igfxsrvc.exe
3316 C:\Windows\System32\SearchIndexer.exe
3292 C:\Program Files\iPod\bin\iPodService.exe
4456 C:\Program Files\Windows Media Player\wmpnetwk.exe
4612 C:\Program Files\Internet Explorer\iexplore.exe
4740 C:\Program Files\Internet Explorer\iexplore.exe
4824 C:\Program Files\Google\Update\Install\{409A5E27-934D-46A9-BBF0-7C2FA5221151}\GoogleToolbarInstaller_updater_signed.exe
5272 C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
5736 C:\Windows\System32\SearchProtocolHost.exe
5992 C:\Windows\System32\svchost.exe
6132 C:\ProgramData\WeCareReminder\ReminderHelper.exe
3576 C:\Windows\System32\cmd.exe
3752 C:\Windows\System32\conhost.exe
4412 C:\Windows\System32\mmc.exe
3484 C:\Windows\System32\wuauclt.exe
2172 C:\Windows\System32\prevhost.exe
6672 C:\Windows\System32\SearchFilterHost.exe
3492 C:\Users\Admin\Desktop\AndreaPCCleanUp\MBRCheck.exe
2160 C:\Windows\System32\conhost.exe
176 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02738a00 (NTFS)

PhysicalDrive0 Model Number: ST3160815AS, Rev: 3.ADA

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!
 
CKFiles Log

CKScanner - Additional Security Risks - These are not necessarily bad
c:\users\admin\favorites\hey lol cracks.url
scanner sequence 3.NA.11.GEAPBI
----- EOF -----
 
ComboFix Log

ComboFix 12-01-10.02 - Admin 01/10/2012 14:10:48.2.2 - x86
Microsoft Windows 7 Ultimate N 6.1.7601.1.1252.1.1033.18.3061.1130 [GMT -6:00]
Running from: c:\users\Admin\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\userinit.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-12-10 to 2012-01-10 )))))))))))))))))))))))))))))))
.
.
2012-01-10 20:32 . 2012-01-10 20:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-10 03:06 . 2012-01-10 03:06 -------- d-----w- c:\users\Admin\AppData\Roaming\Malwarebytes
2012-01-10 03:06 . 2012-01-10 03:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-10 03:06 . 2012-01-10 03:06 -------- d-----w- c:\programdata\Malwarebytes
2012-01-10 03:06 . 2011-12-10 21:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-01 00:41 . 2012-01-01 00:41 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-12-23 21:01 . 2012-01-08 15:08 -------- d-----w- c:\program files\iPod
2011-12-23 21:01 . 2012-01-08 15:08 -------- d-----w- c:\program files\iTunes
2011-12-15 05:18 . 2011-10-26 04:47 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-15 05:18 . 2011-10-26 04:47 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-01 00:41 . 2010-02-18 03:52 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-01-01 00:40 . 2010-06-03 11:10 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-01-01 00:40 . 2010-02-18 03:52 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-12-14 11:56 . 2010-02-28 11:03 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-11-03 23:57 . 2011-11-03 23:57 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-10-29 14:11 . 2011-08-20 16:49 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-24 20:29 . 2011-10-24 20:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 20:29 . 2011-10-24 20:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-15 19:16 . 2011-10-30 20:02 180816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-10-15 19:16 . 2010-02-13 06:01 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-10-15 19:16 . 2010-02-13 06:00 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-10-15 19:16 . 2010-02-13 06:00 64880 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-10-15 19:16 . 2010-02-13 06:00 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-10-15 19:16 . 2010-02-13 06:00 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-10-15 19:16 . 2010-02-13 06:00 464176 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-10-15 19:16 . 2010-02-13 06:00 338176 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-10-15 19:16 . 2010-02-13 06:00 165680 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-10-15 19:16 . 2010-02-13 06:00 121256 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2011-01-17 21:54 175912 ---ha-w- c:\program files\Freecorder\prxtbFree.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 21:54 175912 ---ha-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-08 22:40 1362320 ---ha-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2011-07-22 23:53 787744 ----a-w- c:\program files\Yontoo Layers Runtime\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-08 1362320]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\prxtbFree.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "c:\program files\Freecorder\prxtbFree.dll" [2011-01-17 175912]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-08 1362320]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 87304 ---ha-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 87304 ---ha-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 87304 ---ha-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 87304 ---ha-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 87304 ---ha-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 87304 ---ha-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 87304 ---ha-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 87304 ---ha-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 87304 ---ha-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-13 39408]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2011-11-12 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-16 1318552]
"M-Audio Taskbar Icon"="c:\windows\system32\M-AudioTaskBarIcon.exe" [2009-09-02 643592]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-28 30192]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2010-07-21 1778064]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 1808784]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
.
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-12-5 24242056]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\G:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 135664]
R2 VisualSVNServer;VisualSVN Server;g:\program files\VisualSVN Server\bin\VisualSVNServer.exe [x]
R3 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-04-12 45464]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-28 30192]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 135664]
R3 iLokDrvr;Usb Driver;c:\windows\system32\DRIVERS\iLokDrvr.sys [2009-12-23 54328]
R3 MAUSBMOBILEPRE;Service for M-Audio MobilePre;c:\windows\system32\DRIVERS\MAudioMobilePre.sys [2009-09-02 158344]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-10-15 87656]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SMServer;SMServer;c:\windows\system32\snmvtsvc.exe [2010-09-11 245760]
R3 SQTECH9052;Disney Micro;c:\windows\system32\Drivers\Capt9052.sys [2008-02-21 41216]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 VSPerfDrv100;Performance Tools Driver 10.0;g:\program files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-03 1343400]
R3 XLREN;XLREN;c:\users\Admin\AppData\Local\Temp\XLREN.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-10-15 165680]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2011-10-15 64880]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-27 214904]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-27 214904]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-27 214904]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-10-18 160608]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-10-18 150856]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-02-03 427192]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-10-15 57600]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-10-15 338176]
S3 MP4ConverterAudio;MP4ConverterAudio;c:\windows\system32\drivers\MP4ConverterAudio.sys [2010-09-11 23608]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 05:56]
.
2012-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 05:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/webhp?sourceid=navclient&ie=UTF-8&rlz=1T4GGLL_enUS366US366
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
Trusted Zone: dell.com\ausctrxw004.aus.amer
Trusted Zone: dell.com\ausctrxw03.aus.amer
Trusted Zone: dell.com\pool_rim_itaas4_pc1.us
Trusted Zone: skillport.com
Trusted Zone: skillwsa.com
Trusted Zone: usps.com\sss-web
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
DPF: {BDEB0088-66F9-4A55-ABD2-0BF8DEEC1196} - hxxps://itaas5.dell.com/servlets/activex/teechart8.cab
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4188)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\System32\spool\drivers\w32x86\3\WrtProc.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-01-10 14:57:11 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-10 20:57
ComboFix2.txt 2012-01-10 19:44
.
Pre-Run: 27,031,838,720 bytes free
Post-Run: 26,822,995,968 bytes free
.
- - End Of File - - AE7BB9ABC62731211D91780FCD065C6B
 
ESET - No log

I ran the ESET scan and it ran for about 5 hours. The last time I checked it, there were 15 files flagged; I think it said they were infected, but I can't be sure. At the end there was a Finish button, but no log file.
 
ESET Again - with log result

Bobbye, I ran ESET again and got it right this time. Here is the log result from the scan.

C:\ProgramData\Real\RealUpgrade\upgradeconfiginfo_1370221.xml Win32/Adware.SpywareProtect2009 application
C:\System Volume Information\SystemRestore\FRStaging\Program Files\Search Toolbar\SearchToolbar.dll Win32/Toolbar.Zugo application
C:\System Volume Information\SystemRestore\FRStaging\RECYCLER\S-1-5-21-2906683688-78787508-1238319441-1006\Dc3070.exe a variant of Win32/Keygen.AR application
C:\System Volume Information\SystemRestore\FRStaging\RECYCLER\S-1-5-21-2906683688-78787508-1238319441-1006\Dc3083.exe a variant of Win32/Keygen.AR application
C:\System Volume Information\SystemRestore\FRStaging\RECYCLER\S-1-5-21-2906683688-78787508-1238319441-1006\Dc2939.0-AiR\Setup.exe Win32/VB.ODU trojan
C:\System Volume Information\SystemRestore\FRStaging\RECYCLER\S-1-5-21-57989841-308236825-839522115-1003\Dc1\Keygen.exe a variant of Win32/Keygen.AR application
C:\System Volume Information\SystemRestore\FRStaging\RECYCLER\S-1-5-21-57989841-308236825-839522115-1003\Dc2\Keygen.exe a variant of Win32/Keygen.AR application
C:\System Volume Information\SystemRestore\FRStaging\Users\Admin\AppData\Local\Temp\softonic-us-silent.exe Win32/Toolbar.Zugo application
C:\System Volume Information\SystemRestore\FRStaging\Users\Admin\AppData\Local\Temp\ICReinstall\cnet_pdf2wordsetup_exe.exe a variant of Win32/InstallCore.D application
C:\System Volume Information\SystemRestore\FRStaging\Users\Admin\AppData\Local\Temp\ICReinstall\PDFConverterSetup[1].exe a variant of Win32/InstallCore.E application
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP600\A0148057.exe a variant of Win32/Keygen.AR application
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\ZDMHNGPJ\invoice.html JS/TrojanDownloader.Agent.NVQ trojan
C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\2ac74c85-51de48d8 a variant of Java/Agent.DZ trojan
C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\3eef1ec7-5ff01e62 multiple threats
C:\Users\All Users\Real\RealUpgrade\upgradeconfiginfo_1370221.xml Win32/Adware.SpywareProtect2009 application
 
Hi Bobbye,

Is that all? Does the ESET log indicate that it's cleaned up? I still don't have my start menu back to normal, I believe my shortcuts are still hosed. Otherwise the system seems to be mostly back to normal - but slow. I'm hesitant to really crank much up until I know the system seems to be clean.

Thanks - I really appreciate the help,
Andrea
 
No, it's not all. Sorry- I missed the Attach.txt log.

Both Malwarebytes and ESET show a history of using cracks and keygens to pirate software. The CK log shows an entry for what appears to be a Favorites site for cracks. Piracy gets you malware. The entries below are the only 'new' entries. The others, in System Volume Information, are in restore points. They are not active on the system and will be removed at the end of cleaning. The entries in the Recycler will have to be removed separately.
-----------------------------------------
Please download OTMoveIt by Old Timer and save to your desktop.
  • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    Code:
    :Files 
    C:\ProgramData\Real\RealUpgrade\upgradeconfiginfo_1370221.xml
    C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\ZDMHNGPJ\invoice.html 
    C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\2ac74c85-51de48d8
    C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\3eef1ec7-5ff01e62 
    C:\Users\All Users\Real\RealUpgrade\upgradeconfiginfo_1370221.xml 
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
================================
There is a different rogue program that pretends to be a security update for Windows installed via Automatic Updates. You may have more than 1 rogue.
==============================
Please update Java: Java Updates. Uninstall any earlier versions in Add/Remove Programs, as they are vulnerabilities for the system.
------------------------------------
Be sure to check all download screens for any pre-checked toolbars or BHOs> if found, remove the check before the download.
You have multiple entries for these TBs and BHOs on the system. Additionally, some of these are bundled in the software. When you install a download, choose Custom and only select the program itself, not the junk in the bundle.
================================
Please run this Custom CFScript:

  • [1]. Close any open browsers.
    [2]. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
    [3]. Open Notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
Code:
File::
c:\users\Admin\AppData\Local\Temp\XLREN.exe
DDS::
uURLSearchHooks: H - No File
mURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFree.dll
BHO: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFree.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: MP3 Rocket Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - c:\programdata\wecarereminder\IEHelperv2.5.0.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers runtime\YontooIEClient.dll
TB: MP3 Rocket Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFree.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
mRun: [Freecorder FLV Service] "g:\program files\freecorder\FLVSrvc.exe" /run
mRun: [eFnStcmpnllsRFa.exe] c:\programdata\eFnStcmpnllsRFa.exe
Trusted Zone: dell.com\ausctrxw004.aus.amer
Trusted Zone: dell.com\ausctrxw03.aus.amer
Trusted Zone: dell.com\pool_rim_itaas4_pc1.us
Trusted Zone: skillport.com
Trusted Zone: skillwsa.com
Trusted Zone: usps.com\sss-web
Registry::
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"=-
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"=-
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
Clearjavacache::
Driver::
XLREN
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt. Please paste it into your next reply.
====================
Go on to next reply.
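The triage Bobbye applies above (restore-point copies under System Volume Information are inactive and get purged at the end of cleaning, Recycler copies are handled separately, everything else is live) as an added Python example; it is not part of this thread or of any ESET tooling. It parses ESET result lines in the format posted above; the single C:\RECYCLER line in the sample is constructed, and folding C:\Users\All Users onto C:\ProgramData reflects the Vista/7 junction between the two.

```python
"""Triage ESET Online Scanner result lines into live vs. inactive detections.

Added example for this thread, not ESET's or the helpers' code.  Restore-point
copies (System Volume Information) are inactive and vanish when restore points
are purged; RECYCLER copies are the recycle bin and are removed separately;
only the remaining paths are live on the running system.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One ESET result line is "<path> [a variant of ]<detection> <application|trojan>"
# or "<path> multiple threats".  The path is matched lazily so the tail decides
# where the path ends, which copes with spaces inside directory names.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?:(?P<detection>(?:a variant of )?\S+)\s+(?P<kind>application|trojan)"
    r"|(?P<multi>multiple threats))$"
)

# On Windows Vista/7, C:\Users\All Users is a junction to C:\ProgramData, so a
# single file can be reported twice under two names.
ALL_USERS = "c:\\users\\all users\\"
PROGRAMDATA = "c:\\programdata\\"
RESTORE_ROOT = "c:\\system volume information\\"


@dataclass(frozen=True)
class Detection:
    path: str
    name: str            # e.g. "Win32/Keygen.AR", or "multiple threats"
    kind: Optional[str]  # "application", "trojan", or None for multiple threats
    variant: bool        # True when ESET wrote "a variant of"


def parse_line(line: str) -> Optional[Detection]:
    """Return a Detection for one result line, or None for non-result text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    if m.group("multi"):
        return Detection(m.group("path"), "multiple threats", None, False)
    name = m.group("detection")
    variant = name.startswith("a variant of ")
    if variant:
        name = name[len("a variant of "):]
    return Detection(m.group("path"), name, m.group("kind"), variant)


def canonical_path(path: str) -> str:
    """Lower-case the path and fold the All Users junction onto ProgramData."""
    p = path.lower()
    if p.startswith(ALL_USERS):
        p = PROGRAMDATA + p[len(ALL_USERS):]
    return p


def classify(path: str) -> str:
    """'restore_point', 'recycler' or 'active'; restore points win over RECYCLER."""
    p = canonical_path(path)
    if p.startswith(RESTORE_ROOT):
        return "restore_point"
    if "\\recycler\\" in p:
        return "recycler"
    return "active"


def triage(log_text: str) -> Dict[str, List[Detection]]:
    """Bucket every parseable line, skipping paths that alias one already seen."""
    buckets: Dict[str, List[Detection]] = {"active": [], "recycler": [], "restore_point": []}
    seen = set()
    for line in log_text.splitlines():
        det = parse_line(line)
        if det is None:
            continue
        key = canonical_path(det.path)
        if key in seen:
            continue
        seen.add(key)
        buckets[classify(det.path)].append(det)
    return buckets


# The ESET lines posted in the thread, plus one constructed C:\RECYCLER line (the
# live recycle-bin file MBAM found, written in ESET's format) so every bucket fills.
SAMPLE_LOG = r"""
C:\ProgramData\Real\RealUpgrade\upgradeconfiginfo_1370221.xml Win32/Adware.SpywareProtect2009 application
C:\System Volume Information\SystemRestore\FRStaging\Program Files\Search Toolbar\SearchToolbar.dll Win32/Toolbar.Zugo application
C:\System Volume Information\SystemRestore\FRStaging\RECYCLER\S-1-5-21-2906683688-78787508-1238319441-1006\Dc3070.exe a variant of Win32/Keygen.AR application
C:\System Volume Information\SystemRestore\FRStaging\RECYCLER\S-1-5-21-2906683688-78787508-1238319441-1006\Dc3083.exe a variant of Win32/Keygen.AR application
C:\System Volume Information\SystemRestore\FRStaging\RECYCLER\S-1-5-21-2906683688-78787508-1238319441-1006\Dc2939.0-AiR\Setup.exe Win32/VB.ODU trojan
C:\System Volume Information\SystemRestore\FRStaging\RECYCLER\S-1-5-21-57989841-308236825-839522115-1003\Dc1\Keygen.exe a variant of Win32/Keygen.AR application
C:\System Volume Information\SystemRestore\FRStaging\RECYCLER\S-1-5-21-57989841-308236825-839522115-1003\Dc2\Keygen.exe a variant of Win32/Keygen.AR application
C:\System Volume Information\SystemRestore\FRStaging\Users\Admin\AppData\Local\Temp\softonic-us-silent.exe Win32/Toolbar.Zugo application
C:\System Volume Information\SystemRestore\FRStaging\Users\Admin\AppData\Local\Temp\ICReinstall\cnet_pdf2wordsetup_exe.exe a variant of Win32/InstallCore.D application
C:\System Volume Information\SystemRestore\FRStaging\Users\Admin\AppData\Local\Temp\ICReinstall\PDFConverterSetup[1].exe a variant of Win32/InstallCore.E application
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP600\A0148057.exe a variant of Win32/Keygen.AR application
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\ZDMHNGPJ\invoice.html JS/TrojanDownloader.Agent.NVQ trojan
C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\2ac74c85-51de48d8 a variant of Java/Agent.DZ trojan
C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\3eef1ec7-5ff01e62 multiple threats
C:\Users\All Users\Real\RealUpgrade\upgradeconfiginfo_1370221.xml Win32/Adware.SpywareProtect2009 application
C:\RECYCLER\S-1-5-21-2906683688-78787508-1238319441-1006\Dc3070.exe a variant of Win32/Keygen.AR application
"""

if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_LOG).items():
        print(f"{bucket}: {len(items)}")
        for det in items:
            print(f"  {det.name:<35} {det.path}")
```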
 
You have "Omniquad Desktop Surveillance Personal Edition 6.0.3" on the system. It is a keylogger. Did you install it?>> 2011-10-13> c:\windows\iun6002.exe

Please uninstall in Programs:
µTorrent
Ask Toolbar
Bing Bar
Conduit Engine
Freecorder 5
Freecorder Toolbar
Search Toolbar
System Check
Yontoo Layers Runtime 1.10.01
When finished, use Windows Explorer to access Computer> Local Drive> Programs> do a right click> Delete on the folder for each program you uninstalled.
=============================================
If you are infected with System Check, it is important that you do not delete any files from your Temp folder or use any temp file cleaners.
============================================
Press Windows+R key> type cmd> OK
1. If your Task Manager is disabled, copy and run this command
Code:
Echo y | reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr
Press Enter

2. If your desktop is blank and you are unable to right-click on it, run this command
Code:
Echo y | reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoDesktop
Press Enter
=============================================
Please print out the following instructions. It is important that the order of the scan below be followed exactly. Please read through all of the instructions before you begin.
-----------------------------
1. Download Unhide.exe and save to the desktop.
  • Double-click on the Unhide.exe icon to run the program.
  • This program will remove the +H, or hidden, attribute from all the files on your hard drives.
Note: This does not remove the malware- only the attribute that hides icons and programs. It is important that you continue.
================================
2. Boot into Safe Mode with Networking
  • Restart your computer and start pressing the F8 key on your keyboard.
  • Select the Safe Mode with Networking option when the Windows Advanced Options menu appears, using your up/down arrows to reach it, and then press ENTER.
=======================================
3. To end the processes that belong to the rogue program:
Please click on RKill
  • At the download page, click on Download now button for iExplore.exe download link and save to the desktop
  • Double click on the iExplore.exe icon
  • Please be patient- it may take a bit.
  • The black Window will close when through and you can continue.
Note: If you get a message that RKill is malware, ignore it> it's from the malware.
=======================================
Do not reboot your computer after running RKill, as the malware programs will start again.
================================
4. This malware frequently comes with the TDSS rootkit, so do the following:
  • Download the file TDSSKiller.zip and save to the desktop.
    (If you are unable to download the file for some reason, then TDSS may be blocking it. You would then need to download it first to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.)
  • Right-click the tdsskiller.zip file> Select Extract All into a folder on the infected (or potentially infected) PC.
  • Double-click on TDSSKiller.exe to run the scan.
  • When the scan is over, the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
  • Select the action Quarantine to quarantine detected objects.
    The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43
  • After clicking Next, the utility applies the selected actions and outputs the result. Please leave the log.
  • A reboot is required after disinfection.
====================================
If TDSSKiller requires you to reboot, please allow it to do so. After you reboot, reboot back into Safe Mode with Networking again
====================================
5. Update and rescan with Malwarebytes:
  • Select Perform Full Scan on the Scanner tab
  • Click on the Scan button.
  • When scan has finished, you will see this image:
    scan-finished.jpg
  • Click on OK to close box and continue.
  • Click on the Show Results button.
  • Click on the Remove Selected button to remove all the listed malware.
  • At the end of malware removal, the scan log opens and displays in Notepad. Be sure to click on Format> Uncheck Word Wrap before copying the log to paste in your next reply.
==============================
6. Correct Display Changes if needed:
If the desktop background is black or if the theme has been removed:
For Windows Vista or Windows 7: Click on Start> Control Panel> Appearance & Personalization> Select Change Theme or Change Desktop Background
=====================================
7. Some items may not show on the Start menu. To add them back:
  • Right click on Start> Properties
  • Taskbar and Start Menu Properties screen appears
  • choose Start Menu tab> Click on Customize
  • Check the items you want back on the Start Menu
  • When finished> click on OK> Apply and close.
====================================
You can now reboot back into Normal Mode.

Please leave the new logs in your next reply, along with a description of any remaining problems:
RKill
TDSSKiller
New Mbam
New Combofix
 
OTM Log

All processes killed
========== FILES ==========
C:\ProgramData\Real\RealUpgrade\upgradeconfiginfo_1370221.xml moved successfully.
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\ZDMHNGPJ\invoice.html moved successfully.
C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\2ac74c85-51de48d8 moved successfully.
C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\3eef1ec7-5ff01e62 moved successfully.
File/Folder C:\Users\All Users\Real\RealUpgrade\upgradeconfiginfo_1370221.xml not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Admin
->Temp folder emptied: 295923 bytes
->Temporary Internet Files folder emptied: 1234992441 bytes
->Java cache emptied: 21566253 bytes
->FireFox cache emptied: 65769454 bytes
->Google Chrome cache emptied: 8292595 bytes
->Apple Safari cache emptied: 16384 bytes
->Flash cache emptied: 353543 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 143363408 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,406.00 mb


OTM by OldTimer - Version 3.1.19.0 log created on 01122012_211130

Files moved on Reboot...
C:\Windows\temp\fla10DD.tmp moved successfully.
C:\Windows\temp\fla1A1F.tmp moved successfully.
C:\Windows\temp\fla1BE5.tmp moved successfully.
C:\Windows\temp\fla1E58.tmp moved successfully.
C:\Windows\temp\fla34CF.tmp moved successfully.
C:\Windows\temp\fla46F6.tmp moved successfully.
C:\Windows\temp\fla5591.tmp moved successfully.
C:\Windows\temp\fla5C1C.tmp moved successfully.
C:\Windows\temp\fla76F.tmp moved successfully.
C:\Windows\temp\fla7E2E.tmp moved successfully.
C:\Windows\temp\fla8DFD.tmp moved successfully.
C:\Windows\temp\fla9435.tmp moved successfully.
C:\Windows\temp\fla96C.tmp moved successfully.
C:\Windows\temp\flaA83B.tmp moved successfully.
C:\Windows\temp\flaB6CD.tmp moved successfully.
C:\Windows\temp\flaB998.tmp moved successfully.
C:\Windows\temp\flaCB02.tmp moved successfully.
C:\Windows\temp\flaE784.tmp moved successfully.
C:\Windows\temp\flaEC7.tmp moved successfully.
File C:\Windows\temp\mcafee_BvOs11wWhj6EWhM not found!

Registry entries deleted on Reboot...
 
Combofix Log

ComboFix 12-01-12.04 - Admin 01/12/2012 22:03:22.3.2 - x86
Microsoft Windows 7 Ultimate N 6.1.7601.1.1252.1.1033.18.3061.1897 [GMT -6:00]
Running from: c:\users\Admin\Desktop\ComboFix.exe
Command switches used :: c:\users\Admin\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Admin\AppData\Local\Temp\XLREN.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
c:\windows\system32\RENB49F.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_XLREN
.
.
((((((((((((((((((((((((( Files Created from 2011-12-13 to 2012-01-13 )))))))))))))))))))))))))))))))
.
.
2012-01-13 04:21 . 2012-01-13 04:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-13 03:47 . 2012-01-13 03:47 -------- d-----w- c:\program files\Common Files\Java
2012-01-13 03:45 . 2012-01-13 03:45 -------- d-----w- c:\program files\Java
2012-01-13 03:36 . 2012-01-13 03:36 0 ----a-w- c:\windows\system32\REN5986.tmp
2012-01-13 03:36 . 2012-01-13 03:36 0 ----a-w- c:\windows\system32\REN5985.tmp
2012-01-13 03:36 . 2012-01-13 03:36 0 ----a-w- c:\windows\system32\REN5984.tmp
2012-01-13 03:11 . 2012-01-13 03:11 -------- d-----w- C:\_OTM
2012-01-10 21:05 . 2012-01-10 21:05 -------- d-----w- c:\program files\ESET
2012-01-10 03:06 . 2012-01-10 03:06 -------- d-----w- c:\users\Admin\AppData\Roaming\Malwarebytes
2012-01-10 03:06 . 2012-01-10 03:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-10 03:06 . 2012-01-10 03:06 -------- d-----w- c:\programdata\Malwarebytes
2012-01-10 03:06 . 2011-12-10 21:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2012-01-01 00:41 . 2012-01-01 00:41 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-12-23 21:01 . 2012-01-08 15:08 -------- d-----w- c:\program files\iPod
2011-12-23 21:01 . 2012-01-08 15:08 -------- d-----w- c:\program files\iTunes
2011-12-15 05:18 . 2011-10-26 04:47 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-15 05:18 . 2011-10-26 04:47 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-01 00:41 . 2010-02-18 03:52 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-01-01 00:40 . 2010-06-03 11:10 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-01-01 00:40 . 2010-02-18 03:52 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-12-14 11:56 . 2010-02-28 11:03 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-11-03 23:57 . 2011-11-03 23:57 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-10-29 14:11 . 2011-08-20 16:49 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-24 20:29 . 2011-10-24 20:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 20:29 . 2011-10-24 20:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-15 19:16 . 2011-10-30 20:02 180816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-10-15 19:16 . 2010-02-13 06:01 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-10-15 19:16 . 2010-02-13 06:00 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-10-15 19:16 . 2010-02-13 06:00 64880 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-10-15 19:16 . 2010-02-13 06:00 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-10-15 19:16 . 2010-02-13 06:00 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-10-15 19:16 . 2010-02-13 06:00 464176 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-10-15 19:16 . 2010-02-13 06:00 338176 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-10-15 19:16 . 2010-02-13 06:00 165680 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-10-15 19:16 . 2010-02-13 06:00 121256 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 87304 ---ha-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 87304 ---ha-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 87304 ---ha-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 87304 ---ha-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 87304 ---ha-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 87304 ---ha-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 87304 ---ha-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 87304 ---ha-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 87304 ---ha-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-13 39408]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2011-11-12 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-16 1318552]
"M-Audio Taskbar Icon"="c:\windows\system32\M-AudioTaskBarIcon.exe" [2009-09-02 643592]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-28 30192]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2010-07-21 1778064]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 1808784]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-12-5 24242056]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\G:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 135664]
R2 VisualSVNServer;VisualSVN Server;g:\program files\VisualSVN Server\bin\VisualSVNServer.exe [2010-04-24 23840]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-04-12 45464]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-28 30192]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 135664]
R3 iLokDrvr;Usb Driver;c:\windows\system32\DRIVERS\iLokDrvr.sys [2009-12-23 54328]
R3 MAUSBMOBILEPRE;Service for M-Audio MobilePre;c:\windows\system32\DRIVERS\MAudioMobilePre.sys [2009-09-02 158344]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-10-15 87656]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SMServer;SMServer;c:\windows\system32\snmvtsvc.exe [2010-09-11 245760]
R3 SQTECH9052;Disney Micro;c:\windows\system32\Drivers\Capt9052.sys [2008-02-21 41216]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 VSPerfDrv100;Performance Tools Driver 10.0;g:\program files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys [2009-12-09 48128]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-03 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-10-15 165680]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2011-10-15 64880]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-27 214904]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-27 214904]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-27 214904]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-10-18 160608]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-10-18 150856]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-02-03 427192]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-10-15 57600]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-10-15 338176]
S3 MP4ConverterAudio;MP4ConverterAudio;c:\windows\system32\drivers\MP4ConverterAudio.sys [2010-09-11 23608]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 05:56]
.
2012-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 05:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/webhp?sourceid=navclient&ie=UTF-8&rlz=1T4GGLL_enUS366US366
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
DPF: {BDEB0088-66F9-4A55-ABD2-0BF8DEEC1196} - hxxps://itaas5.dell.com/servlets/activex/teechart8.cab
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4028)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
g:\program files\TortoiseSVN\bin\TortoiseStub.dll
g:\program files\TortoiseSVN\bin\TortoiseSVN.dll
g:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
g:\program files\Digidesign\Digidesign\Drivers\MMERefresh.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\progra~1\Java\jre6\bin\jp2launcher.exe
c:\program files\Java\jre6\bin\java.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\system32\conhost.exe
g:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\System32\spool\drivers\w32x86\3\WrtProc.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-01-12 22:41:52 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-13 04:41
ComboFix2.txt 2012-01-10 20:57
ComboFix3.txt 2012-01-10 19:44
.
Pre-Run: 24,165,687,296 bytes free
Post-Run: 24,019,533,824 bytes free
.
- - End Of File - - 25AF7DA2D15BE4099AF15DD5AF4A6E95
 
Uninstall Stuff

No one here claims installing Omniquad, so no, I didn't install it.

Uninstall and delete programs - here's what I was able to do:

µTorrent - could not find in programs, deleted uTorrent folder

Ask Toolbar
uninstalled in programs, deleted folder

Bing Bar
uninstalled in programs, could not find

Conduit Engine
Disabled this in IE add ons, unable to uninstall in programs, deleted folder

system. Not sure why this line is here; is it part of another row?

Freecorder 5 - uninstalled in programs
Freecorder Toolbar - unable to uninstall in programs, deleted Freecorder folder

Search Toolbar - not sure what this is. I don't see this in programs or in IE. Google search?

System Check - I don't see this in programs - isn't this the root of all evil?

Yontoo Layers Runtime 1.10.01
Disabled in IE add on - I don't see this in programs to uninstall, deleted folder


The two registry keys controlling task manager and desktop were not present. I don't have any issues with either.

I'm currently running unhide and I'll post again when I continue your instructions.
 
Sounds good. Go ahead and run Unhide. I'll set up a script for you to run in Combofix. It will be tomorrow before I can do it. Your patience is appreciated.
 
Rkill Log

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 01/13/2012 at 12:31:25.
Operating System: Windows 7 Ultimate N


Processes terminated by Rkill or while it was running:



Rkill completed on 01/13/2012 at 12:31:29.
 
New MBAM log

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.13.04

Windows 7 Service Pack 1 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.7601.17514
Admin :: MAIN [administrator]

1/13/2012 12:46:55 PM
mbam-log-2012-01-13 (12-46-55).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 710315
Time elapsed: 2 hour(s), 14 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 12
C:\System Volume Information\SystemRestore\FRStaging\RECYCLER\S-1-5-21-2906683688-78787508-1238319441-1006\Dc3070.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\RECYCLER\S-1-5-21-2906683688-78787508-1238319441-1006\Dc3083.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\RECYCLER\S-1-5-21-2906683688-78787508-1238319441-1006\Dc2939.0-AiR\Setup.exe (Trojan.Chifrax) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\RECYCLER\S-1-5-21-57989841-308236825-839522115-1003\Dc1\Keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\RECYCLER\S-1-5-21-57989841-308236825-839522115-1003\Dc2\Keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Admin\AppData\Local\Temp\ICReinstall\PDFConverterSetup[1].exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP600\A0148057.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\13.01.2012_12.34.21\mbr0000\tdlfs0000\tsk0002.dta (Trojan.Agent) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\13.01.2012_12.34.21\mbr0001\tdlfs0000\tsk0002.dta (Trojan.Agent) -> Quarantined and deleted successfully.
G:\Program Files\FoxTabPDFConverter\Uninstall\Uninstall.exe (Adware.Agent) -> Quarantined and deleted successfully.
G:\Data\Work\download\Sony ACID Pro 6.0d Build 363\Keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
G:\Data\Work\download\Sony DVD Architect Pro 5.0b Build 180\Keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.

(end)
 
Script?

Bobbye,

You mentioned a Combofix script that you were going to write on Friday. Just bringing this back to the top of your queue.

The system has been fine with no issues since the last steps that were done.

Thanks.
 
G:\Data\Work\download\Sony ACID Pro 6.0d Build 363\Keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
G:\Data\Work\download\Sony DVD Architect Pro 5.0b Build 180\Keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.

You are continuing to pirate programs - these new ones in addition to previous ones now in System Restore.

Sony ACID Pro 6.0d Build 363 is a $300 program
Sony DVD Architect Pro 5.0b starts at $40

Please remove all pirated programs and downloads to continue support.
 