Computer Hope

Software => Computer viruses and spyware => Virus and spyware removal => Topic started by: SalP on January 12, 2012, 10:54:13 AM

Title: Trojans cleaned, modified windows.
Post by: SalP on January 12, 2012, 10:54:13 AM
It appears I had been infected with a Trojan virus. It looks like it modified Windows. I'll post the original MBAM logs along with a screenshot momentarily.

Quote
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.12.01

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.7601.17514
Sal :: SAL-PC [administrator]

1/12/2012 2:34:40 AM
mbam-log-2012-01-12 (02-34-40).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 476523
Time elapsed: 1 hour(s), 37 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|LuJmxWoSNc.exe (Trojan.FakeAlert) -> Data: C:\ProgramData\LuJmxWoSNc.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 7
C:\ProgramData\LuJmxWoSNc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\ProgramData\HjwzEGjO3hMIss.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Sal\AppData\Local\Temp\Mifd7ysZ7UZUl6.exe.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Sal\AppData\Local\Temp\ICReinstall\cnet2_Lives_exe.exe (PUP.CNET.Adware.Bundle) -> Quarantined and deleted successfully.
C:\Users\Sal\AppData\Local\Temp\ICReinstall\cnet2_mod-video-converter_exe.exe (PUP.CNET.Adware.Bundle) -> Quarantined and deleted successfully.
C:\Users\Sal\AppData\Local\Temp\ICReinstall\cnet2_Pazera_Free_MP4_to_AVI_Converter_exe.exe (PUP.CNET.Adware.Bundle) -> Quarantined and deleted successfully.
C:\Users\Sal\AppData\Local\Temp\ICReinstall\cnet2_SpesoftVideoConverterSetup_exe.exe (PUP.CNET.Adware.Bundle) -> Quarantined and deleted successfully.

(end)

Quote
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.12.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Sal :: SAL-PC [administrator]

1/12/2012 4:16:40 AM
mbam-log-2012-01-12 (04-16-40).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 476996
Time elapsed: 2 hour(s), 43 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\$Recycle.Bin\S-1-5-21-3871039636-1935808284-3132821144-1000\$R3LEX4B.exe (PUP.CNET.Adware.Bundle) -> Quarantined and deleted successfully.

(end)

Quote
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/12/2012 at 12:22 PM

Application Version : 5.0.1142

Core Rules Database Version : 8126
Trace Rules Database Version: 5938

Scan type       : Quick Scan
Total Scan Time : 00:22:11

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 606
Memory threats detected   : 0
Registry items scanned    : 60391
Registry threats detected : 0
File items scanned        : 30977
File threats detected     : 0


Quote
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.12.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Sal :: SAL-PC [administrator]

1/12/2012 12:24:09 PM
mbam-log-2012-01-12 (12-24-09).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 178220
Time elapsed: 5 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Quote
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514  BrowserJavaVersion: 1.6.0_30
Run by Sal at 12:35:04 on 2012-01-12
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6143.4337 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\system32\WUDFHost.exe
C:\Users\Sal\AppData\Roaming\Spotify\spotify.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\mcafee.com\agent\mcagent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mWinlogon: Userinit=userinit.exe,
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111220044023.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Spotify] "C:\Users\Sal\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
uRun: [Google Update] "C:\Users\Sal\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{906A0659-4400-4DC7-B110-51D3B7A309F7} : DhcpNameServer = 192.168.1.1 68.237.161.12
TCP: Interfaces\{9119282E-5577-4E9E-BAEF-A78718186537} : DhcpNameServer = 192.168.1.1 68.237.161.12
TCP: Interfaces\{A8879E61-4DAF-4925-84BA-80063B6E8548} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{AE0795C9-B67C-46E9-AA31-3DA152801F46} : DhcpNameServer = 192.168.1.1 68.237.161.12
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64:     HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64:     AcroIEHelperStub - No File
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO-X64:     McAfee Phishing Filter - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111220044023.dll
BHO-X64:     scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64:     SkypeIEPluginBHO - No File
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64:     HP Smart BHO Class - No File
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Sal\AppData\Roaming\Mozilla\Firefox\Profiles\bc6vgme3.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Sal\AppData\Local\Google\Update\1.3.21.93\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-3-16 13336]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-8-31 249936]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-8-31 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-8-31 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-8-31 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2011-3-16 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2011-3-16 208536]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-14 508264]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-3-16 689472]
R3 AE1000;Linksys AE1000 Driver;C:\Windows\system32\DRIVERS\ae1000w7.sys --> C:\Windows\system32\DRIVERS\ae1000w7.sys [?]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-14 219496]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S3 Andbus;LGE Android Platform Composite USB Device;C:\Windows\system32\DRIVERS\lgandbus64.sys --> C:\Windows\system32\DRIVERS\lgandbus64.sys [?]
S3 AndDiag;LGE Android Platform USB Serial Port;C:\Windows\system32\DRIVERS\lganddiag64.sys --> C:\Windows\system32\DRIVERS\lganddiag64.sys [?]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;C:\Windows\system32\DRIVERS\lgandgps64.sys --> C:\Windows\system32\DRIVERS\lgandgps64.sys [?]
S3 ANDModem;LGE Android Platform USB Modem;C:\Windows\system32\DRIVERS\lgandmodem64.sys --> C:\Windows\system32\DRIVERS\lgandmodem64.sys [?]
S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2011-3-16 220528]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-8-31 249936]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-01-12 16:58:37   --------   d-----w-   C:\Users\Sal\AppData\Roaming\SUPERAntiSpyware.com
2012-01-12 16:58:17   --------   d-----w-   C:\ProgramData\SUPERAntiSpyware.com
2012-01-12 16:58:17   --------   d-----w-   C:\Program Files\SUPERAntiSpyware
2012-01-12 16:54:16   --------   d-----w-   C:\Program Files\CCleaner
2012-01-12 16:42:12   --------   d-----w-   C:\Users\Sal\AppData\Local\{BE4A8820-8C48-46BB-91F7-4BB27EE235AE}
2012-01-12 16:41:52   --------   d-----w-   C:\Users\Sal\AppData\Local\{01FCEC20-A538-4018-A3D6-1E6433720E78}
2012-01-11 19:39:53   --------   d-----w-   C:\Users\Sal\AppData\Local\{23543AD4-B8B1-4655-93B6-86EE679CA3DD}
2012-01-11 02:19:35   1572864   ----a-w-   C:\Windows\System32\quartz.dll
2012-01-11 02:19:35   1328128   ----a-w-   C:\Windows\SysWow64\quartz.dll
2012-01-11 02:19:34   514560   ----a-w-   C:\Windows\SysWow64\qdvd.dll
2012-01-11 02:19:34   366592   ----a-w-   C:\Windows\System32\qdvd.dll
2012-01-11 02:19:27   1731920   ----a-w-   C:\Windows\System32\ntdll.dll
2012-01-11 02:19:27   1292080   ----a-w-   C:\Windows\SysWow64\ntdll.dll
2012-01-11 02:19:25   77312   ----a-w-   C:\Windows\System32\packager.dll
2012-01-11 02:19:24   67072   ----a-w-   C:\Windows\SysWow64\packager.dll
2012-01-11 02:07:16   --------   d-----w-   C:\Users\Sal\AppData\Local\{091B1AAF-6494-4813-8CF6-BF76FDF5EE86}
2012-01-11 02:06:41   --------   d-----w-   C:\Users\Sal\AppData\Local\{C774196C-962A-438E-9440-E49E70A08352}
2012-01-07 19:38:31   --------   d-----w-   C:\Program Files (x86)\Educational Simulations
2012-01-07 00:26:39   479232   ----a-w-   C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-07 00:26:39   43992   ----a-w-   C:\Program Files (x86)\Mozilla Firefox\mozutils.dll
2012-01-07 00:26:38   626688   ----a-w-   C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-07 00:26:38   548864   ----a-w-   C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-02 16:24:03   --------   d-----w-   C:\Users\Sal\AppData\Local\{6DE55C4D-1E5E-4FDB-8644-787D191C1993}
2011-12-30 04:37:50   --------   d-----w-   C:\Users\Sal\AppData\Roaming\Pamela Call Recorder
2011-12-30 04:37:25   --------   d-----w-   C:\Users\Sal\AppData\Roaming\Pamela
2011-12-30 04:37:24   172544   ----a-w-   C:\Windows\SysWow64\RemoteControl.dll
2011-12-30 04:37:23   --------   d-----w-   C:\Program Files (x86)\PamelaPCR
2011-12-29 02:31:48   --------   d-----w-   C:\Program Files (x86)\Free M4a to MP3 Converter
2011-12-29 02:00:41   --------   d-----w-   C:\Program Files (x86)\pazera-software
2011-12-29 01:58:25   --------   d-----w-   C:\MTV_OUTPUT
2011-12-29 01:58:07   --------   d-----w-   C:\Program Files (x86)\Video Convert
2011-12-29 01:57:50   77824   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2011-12-29 01:57:50   32768   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2011-12-29 01:57:50   225280   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2011-12-29 01:57:50   176128   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2011-12-29 01:57:49   614532   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2011-12-29 01:46:45   --------   d-----w-   C:\Users\Sal\AppData\Local\*SPAM URL* Studio
2011-12-28 12:44:34   --------   d-----w-   C:\Users\Sal\AppData\Local\{6A4B126E-21F2-4622-AE3B-BB783E6FB4F1}
2011-12-28 12:44:15   --------   d-----w-   C:\Users\Sal\AppData\Local\{6CADD8DD-B05F-4BF4-B9F8-3D7A6F903AC1}
2011-12-15 19:17:38   --------   d-----w-   C:\Users\Sal\AppData\Local\{2FBC307F-8942-4A11-8CCA-0DEAF80B73FF}
2011-12-15 19:17:20   --------   d-----w-   C:\Users\Sal\AppData\Local\{70A27D54-EAC0-4349-BD51-FCC06CFB9FB6}
2011-12-14 17:52:11   43520   ----a-w-   C:\Windows\System32\csrsrv.dll
2011-12-14 17:52:03   1188864   ----a-w-   C:\Windows\System32\wininet.dll
2011-12-14 17:52:00   981504   ----a-w-   C:\Windows\SysWow64\wininet.dll
2011-12-14 06:53:53   --------   d-----w-   C:\Users\Sal\AppData\Local\{FD60E775-E57B-485C-B3FD-F7CEDB5BAFA1}
2011-12-14 06:53:32   --------   d-----w-   C:\Users\Sal\AppData\Local\{6BF1CE0C-4D8D-48A1-AECB-71F9FB977E9E}
.
==================== Find3M  ====================
.
2011-12-10 20:24:08   23152   ----a-w-   C:\Windows\System32\drivers\mbam.sys
2011-11-24 04:52:09   3145216   ----a-w-   C:\Windows\System32\win32k.sys
2011-11-10 10:54:13   472808   ----a-w-   C:\Windows\SysWow64\deployJava1.dll
2011-11-06 03:48:02   414368   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-05 05:32:50   2048   ----a-w-   C:\Windows\System32\tzres.dll
2011-11-05 04:26:03   2048   ----a-w-   C:\Windows\SysWow64\tzres.dll
2011-11-05 03:32:47   1638912   ----a-w-   C:\Windows\System32\mshtml.tlb
2011-11-05 02:48:51   1638912   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
2011-10-24 19:29:02   94208   ----a-w-   C:\Windows\SysWow64\QuickTimeVR.qtx
2011-10-24 19:29:02   69632   ----a-w-   C:\Windows\SysWow64\QuickTime.qts
2011-10-18 19:32:28   161168   ----a-w-   C:\Windows\System32\mfevtps.exe
2011-10-15 18:16:16   75808   ----a-w-   C:\Windows\System32\drivers\mfenlfk.sys
2011-10-15 18:16:16   65264   ----a-w-   C:\Windows\System32\drivers\cfwids.sys
2011-10-15 18:16:16   647080   ----a-w-   C:\Windows\System32\drivers\mfehidk.sys
2011-10-15 18:16:16   481768   ----a-w-   C:\Windows\System32\drivers\mfefirek.sys
2011-10-15 18:16:16   284648   ----a-w-   C:\Windows\System32\drivers\mfewfpk.sys
2011-10-15 18:16:16   229528   ----a-w-   C:\Windows\System32\drivers\mfeavfk.sys
2011-10-15 18:16:16   160280   ----a-w-   C:\Windows\System32\drivers\mfeapfk.sys
2011-10-15 18:16:16   10248   ----a-w-   C:\Windows\System32\drivers\mfeclnk.sys
2011-10-15 18:16:16   100912   ----a-w-   C:\Windows\System32\drivers\mferkdet.sys
2011-10-15 06:31:56   723456   ----a-w-   C:\Windows\System32\EncDec.dll
2011-10-15 05:38:59   534528   ----a-w-   C:\Windows\SysWow64\EncDec.dll
.
============= FINISH: 12:41:27.98 ===============


Quote
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 3/22/2011 3:45:30 PM
System Uptime: 1/12/2012 11:40:06 AM (1 hours ago)
.
Motherboard: Dell Inc. |  | 018D1Y
Processor: Pentium(R) Dual-Core  CPU      E5800  @ 3.20GHz | CPU 1 | 3203/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 918 GiB total, 509.347 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP66: 12/15/2011 3:00:20 AM - Windows Update
RP67: 12/28/2011 8:32:26 PM - Installed Coby Media Manager
RP68: 12/28/2011 8:57:54 PM - Installed Video Convert
RP69: 1/10/2012 11:10:19 PM - Windows Update
RP70: 1/12/2012 12:31:35 PM - Installed Java(TM) 6 Update 30
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe AIR
Adobe Community Help
Adobe Download Assistant
Adobe Flash Player 11 Plugin
Adobe Reader 9.2
AIM 7
Amazon MP3 Downloader 1.0.14
Apple Application Support
Apple Software Update
Audacity 1.3.12
BufferChm
Consumer In-Home Service Agreement
Copy
D3DX10
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Dock
Dell Getting Started Guide
Dell Marketplace Webslice IE8
Destinations
DeviceDiscovery
DirectX 9 Runtime
DJ_AIO_05_F4400_Software_Min
Download Updater (AOL LLC)
Dropbox
F4400
Free M4a to MP3 Converter 7.0
Google Chrome
GoToAssist 8.0.0.514
GPBaseService2
HP Photo Creations
HP Update
HPPhotoGadget
HPProductAssistant
HPSSupply
Intel(R) Control Center
Intel(R) Rapid Storage Technology
Internet Explorer
Java Auto Updater
Java(TM) 6 Update 30
Junk Mail filter update
LAME v3.98.3 for Audacity
Last.fm 1.5.4.27091
LG United Mobile Drivers
Malwarebytes Anti-Malware version 1.60.0.1800
MarketResearch
McAfee SecurityCenter
Mesh Runtime
Messenger Companion
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Starter 2010 - English
Microsoft Office Word MUI (English) 2007
Microsoft PowerPoint Viewer
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 9.0.1 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser (KB973685)
Pam Call Recorder 4.8
Pazera Free MP4 to AVI Converter 1.6
PhotoShowExpress
Police Quest: SWAT 1, 2
QuickTime
Real Lives 2004
Realtek High Definition Audio Driver
Redist
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Scan
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype Click to Call
Skype™ 5.5
SmartWebPrinting
SolutionCenter
Sonic CinePlayer Decoder Pack
Spotify
Status
Steam
System Requirements Lab
System Requirements Lab CYRI
Toolbox
TrayApp
TrustedID
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Verizon Media Manager
Video Convert
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Yahoo! Messenger
YouTube Downloader 3.4
.
==== Event Viewer Messages From Past Week ========
.
1/12/2012 4:13:31 AM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
1/12/2012 2:31:54 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {395633B1-EED9-4DFC-B67F-9788B51C9F06}
1/12/2012 2:31:43 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
1/12/2012 2:30:09 AM, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
1/12/2012 2:30:09 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
1/12/2012 2:30:09 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
1/12/2012 2:30:03 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/12/2012 2:29:55 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
1/12/2012 2:29:49 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  discache spldr Wanarpv6
1/12/2012 2:29:42 AM, Error: Service Control Manager [7001]  - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error:  The dependency service or group failed to start.
1/12/2012 11:46:52 AM, Error: Service Control Manager [7022]  - The Windows Update service hung on starting.
1/10/2012 9:06:02 PM, Error: VDS Basic Provider [1]  - Unexpected failure. Error code: D@01010004
1/10/2012 9:05:23 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Client Virtualization Handler service to connect.
1/10/2012 9:05:23 PM, Error: Service Control Manager [7000]  - The Client Virtualization Handler service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================

Title: Re: Trojans cleaned, modified windows.
Post by: SalP on January 12, 2012, 10:55:38 AM
I apologize.  I had mistakenly attached the logs instead of copying and pasting them in quotes.
Title: Re: Trojans cleaned, modified windows.
Post by: SuperDave on January 12, 2012, 12:08:53 PM
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
Quote
I apologize.  I had mistakenly attached the logs instead of copying and pasting them in quotes.
Not a problem.

Download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

link # 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link # 2 (http://subs.geekstogo.com/ComboFix.exe)
If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of security programs that should be disabled and how to disable them.

Right-click combofix.exe and select Run as Administrator and follow the prompts.
When finished, ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.
Title: Re: Trojans cleaned, modified windows.
Post by: SalP on January 12, 2012, 01:00:25 PM
Here's the log.  Thank you for getting back to me so quickly.  Most programs say that the registry has been marked for deletion.  Is that normal?

Quote
ComboFix 12-01-12.04 - Sal 01/12/2012  14:22:55.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6143.4680 [GMT -5:00]
Running from: c:\users\Sal\Downloads\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\458ffeq4p6hr700641u
c:\programdata\HjwzEGjO3hMIss
c:\users\Sal\AppData\Local\awd.exe
c:\users\Sal\AppData\Local\dqvy.exe
c:\users\Sal\AppData\Local\elw.exe
c:\users\Sal\AppData\Local\ivob.exe
c:\users\Sal\AppData\Local\lnsy.exe
c:\users\Sal\AppData\Local\rgbv.exe
c:\users\Sal\AppData\Roaming\Microsoft\Windows\Templates\458ffeq4p6hr700641u
c:\windows\SwSys1.bmp
c:\windows\SwSys2.bmp
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\java.exe
.
.
(((((((((((((((((((((((((   Files Created from 2011-12-12 to 2012-01-12  )))))))))))))))))))))))))))))))
.
.
2012-01-12 19:32 . 2012-01-12 19:32   --------   d-----w-   c:\users\Default\AppData\Local\temp
2012-01-12 17:34 . 2012-01-12 17:34   --------   d-----w-   c:\program files (x86)\Common Files\Java
2012-01-12 16:58 . 2012-01-12 16:58   --------   d-----w-   c:\users\Sal\AppData\Roaming\SUPERAntiSpyware.com
2012-01-12 16:58 . 2012-01-12 16:58   --------   d-----w-   c:\program files\SUPERAntiSpyware
2012-01-12 16:58 . 2012-01-12 16:58   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
2012-01-12 16:54 . 2012-01-12 16:54   --------   d-----w-   c:\program files\CCleaner
2012-01-11 02:19 . 2011-10-26 05:25   1572864   ----a-w-   c:\windows\system32\quartz.dll
2012-01-11 02:19 . 2011-10-26 04:32   1328128   ----a-w-   c:\windows\SysWow64\quartz.dll
2012-01-11 02:19 . 2011-10-26 05:25   366592   ----a-w-   c:\windows\system32\qdvd.dll
2012-01-11 02:19 . 2011-10-26 04:32   514560   ----a-w-   c:\windows\SysWow64\qdvd.dll
2012-01-11 02:19 . 2011-11-17 06:41   1731920   ----a-w-   c:\windows\system32\ntdll.dll
2012-01-11 02:19 . 2011-11-17 05:38   1292080   ----a-w-   c:\windows\SysWow64\ntdll.dll
2012-01-11 02:19 . 2011-11-19 14:58   77312   ----a-w-   c:\windows\system32\packager.dll
2012-01-11 02:19 . 2011-11-19 14:01   67072   ----a-w-   c:\windows\SysWow64\packager.dll
2012-01-07 19:38 . 2012-01-07 19:38   --------   d-----w-   c:\program files (x86)\Educational Simulations
2012-01-07 00:26 . 2012-01-07 00:26   479232   ----a-w-   c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-07 00:26 . 2012-01-07 00:26   43992   ----a-w-   c:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-01-07 00:26 . 2012-01-07 00:26   626688   ----a-w-   c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-07 00:26 . 2012-01-07 00:26   548864   ----a-w-   c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2011-12-30 04:37 . 2011-12-30 08:53   --------   d-----w-   c:\users\Sal\AppData\Roaming\Pamela Call Recorder
2011-12-30 04:37 . 2011-12-30 04:37   --------   d-----w-   c:\users\Sal\AppData\Roaming\Pamela
2011-12-30 04:37 . 2011-12-30 04:37   172544   ----a-w-   c:\windows\SysWow64\RemoteControl.dll
2011-12-30 04:37 . 2011-12-30 04:37   --------   d-----w-   c:\program files (x86)\PamelaPCR
2011-12-29 02:31 . 2011-12-29 02:31   --------   d-----w-   c:\program files (x86)\Free M4a to MP3 Converter
2011-12-29 02:00 . 2011-12-29 02:00   --------   d-----w-   c:\program files (x86)\pazera-software
2011-12-29 01:58 . 2011-12-29 01:58   --------   d-----w-   C:\MTV_OUTPUT
2011-12-29 01:58 . 2011-12-29 01:58   --------   d-----w-   c:\program files (x86)\Video Convert
2011-12-29 01:57 . 2001-09-05 10:18   77824   ----a-w-   c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2011-12-29 01:57 . 2001-09-05 10:18   225280   ----a-w-   c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
2011-12-29 01:57 . 2001-09-05 10:14   176128   ----a-w-   c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2011-12-29 01:57 . 2001-09-05 10:13   32768   ----a-w-   c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2011-12-29 01:57 . 2002-07-26 13:07   614532   ----a-w-   c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2011-12-29 01:46 . 2011-12-29 01:46   --------   d-----w-   c:\users\Sal\AppData\Local\*SPAM URL* Studio
2011-12-14 17:52 . 2011-10-26 05:21   43520   ----a-w-   c:\windows\system32\csrsrv.dll
2011-12-14 17:52 . 2011-11-05 05:41   1188864   ----a-w-   c:\windows\system32\wininet.dll
2011-12-14 17:52 . 2011-11-05 04:35   981504   ----a-w-   c:\windows\SysWow64\wininet.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 20:24 . 2011-03-23 17:25   23152   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-11-10 10:54 . 2011-03-17 01:08   472808   ----a-w-   c:\windows\SysWow64\deployJava1.dll
2011-11-06 03:48 . 2011-06-27 04:34   414368   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-24 19:29 . 2011-10-24 19:29   94208   ----a-w-   c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 19:29 . 2011-10-24 19:29   69632   ----a-w-   c:\windows\SysWow64\QuickTime.qts
2011-10-18 19:32 . 2011-03-17 01:27   161168   ----a-w-   c:\windows\system32\mfevtps.exe
2011-10-15 18:16 . 2011-03-17 01:27   10248   ----a-w-   c:\windows\system32\drivers\mfeclnk.sys
2011-10-15 18:16 . 2010-10-14 03:28   75808   ----a-w-   c:\windows\system32\drivers\mfenlfk.sys
2011-10-15 18:16 . 2010-10-14 03:28   65264   ----a-w-   c:\windows\system32\drivers\cfwids.sys
2011-10-15 18:16 . 2010-10-14 03:28   647080   ----a-w-   c:\windows\system32\drivers\mfehidk.sys
2011-10-15 18:16 . 2010-10-14 03:28   481768   ----a-w-   c:\windows\system32\drivers\mfefirek.sys
2011-10-15 18:16 . 2010-10-14 03:28   284648   ----a-w-   c:\windows\system32\drivers\mfewfpk.sys
2011-10-15 18:16 . 2010-10-14 03:28   229528   ----a-w-   c:\windows\system32\drivers\mfeavfk.sys
2011-10-15 18:16 . 2010-10-14 03:28   160280   ----a-w-   c:\windows\system32\drivers\mfeapfk.sys
2011-10-15 18:16 . 2010-10-14 03:28   100912   ----a-w-   c:\windows\system32\drivers\mferkdet.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   94208   ----a-w-   c:\users\Sal\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   94208   ----a-w-   c:\users\Sal\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   94208   ----a-w-   c:\users\Sal\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify"="c:\users\Sal\AppData\Roaming\Spotify\spotify.exe" [2011-12-20 4010160]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-11-22 1675160]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages   REG_MULTI_SZ      kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys

R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys

R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys

R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys

R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\steam\steamapps\common\ava\Binaries\GameGuard\dump_wmimmc.sys

R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2010-08-30 220528]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe

R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys

S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-10-18 208536]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe

S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]
S3 AE1000;Linksys AE1000 Driver;c:\windows\system32\DRIVERS\ae1000w7.sys

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - SASDIFSV
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3871039636-1935808284-3132821144-1000Core.job
- c:\users\Sal\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-18 04:32]
.
2012-01-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3871039636-1935808284-3132821144-1000UA.job
- c:\users\Sal\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-18 04:32]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   97792   ----a-w-   c:\users\Sal\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   97792   ----a-w-   c:\users\Sal\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   97792   ----a-w-   c:\users\Sal\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   97792   ----a-w-   c:\users\Sal\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-21 8306208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Sal\AppData\Roaming\Mozilla\Firefox\Profiles\bc6vgme3.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\rundll32.exe
.
**************************************************************************
.
Completion time: 2012-01-12  14:47:09 - machine was rebooted
ComboFix-quarantined-files.txt  2012-01-12 19:47
.
Pre-Run: 546,774,183,936 bytes free
Post-Run: 546,164,207,616 bytes free
.
- - End Of File - - 455D748F45DC643E7F03D557D20B6C31

Title: Re: Trojans cleaned, modified windows.
Post by: SuperDave on January 12, 2012, 04:39:04 PM
Quote
Most programs say that the registry has been marked for deletion.  Is that normal?
I've seen that warning before but not in the same context. When do you receive that warning?

Please download Rooter (http://eric71.geekstogo.com/tools/Rooter.exe) and Save it to your desktop.
Title: Re: Trojans cleaned, modified windows.
Post by: SalP on January 12, 2012, 04:54:36 PM
Upon the initial reboot, all programs gave me that response.  Upon a restart, they were functional.  The internet is connected, but no web pages come up.

Quote
Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows 7 Home Edition (6.1.7601) Service Pack 1
[32_bits] - Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
.
[wscsvc] (Security Center) RUNNING (state:4)
[MpsSvc] RUNNING (state:4)
Windows Firewall -> Enabled
Windows Defender -> Enabled
User Account Control (UAC) -> Enabled
.
Internet Explorer 8.0.7601.17514
Mozilla Firefox 9.0.1 (en-US)
.
C:\  [Fixed-NTFS] .. ( Total:917 Go - Free:508 Go )
D:\  [CD_Rom]
E:\  [Removable]
F:\  [Removable]
G:\  [Removable]
H:\  [Removable]
Q:\  [Fixed-UDF] .. ( Total:0 Go - Free:0 Go )
.
Scan : 18:52.31
Path : C:\Users\Sal\Desktop\Rooter.exe
User : Sal ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
Locked System (4)
______ ???·?????? (284)
______ ???·?????? (508)
______ ???·?????? (564)
______ ???·?????? (576)
______ ???·?????? (620)
______ ???·?????? (636)
______ ???·?????? (644)
______ ???·?????? (752)
______ ???·?????? (780)
______ ???·?????? (844)
______ ???·?????? (884)
______ ???·?????? (932)
______ ???·?????? (180)
______ ???·?????? (448)
______ ???·?????? (316)
______ ???·?????? (1112)
______ C:\Program Files\Dell\DellDock\DockLogin.exe (1128)
______ ???·?????? (1216)
______ ???·?????? (1376)
______ ???·?????? (1416)
______ ???·?????? (1540)
______ C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (1564)
______ ???·?????? (1616)
______ C:\Windows\SysWOW64\svchost.exe (1664)
______ ???·?????? (1692)
______ ???·?????? (1736)
______ ???·?????? (1756)
______ ???·?????? (1860)
______ ???·?????? (1936)
______ ???·?????? (1240)
______ C:\Windows\SysWOW64\rundll32.exe (1160)
______ C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (1840)
______ C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (1612)
______ ???·?????? (2068)
______ ???·?????? (2184)
______ ???·?????? (2308)
______ ???·?????? (2320)
______ ???·?????? (2440)
______ C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (2620)
______ C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (3088)
______ ???·?????? (3164)
______ ???·?????? (3352)
______ ???·?????? (3388)
______ ???·?????? (3852)
______ ???·?????? (3988)
______ ???·?????? (4040)
______ ???·?????? (3504)
______ C:\Users\Sal\AppData\Roaming\Spotify\spotify.exe (3528)
______ C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (3576)
______ ???·?????? (3584)
______ C:\Program Files (x86)\iTunes\iTunesHelper.exe (3552)
______ C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (4272)
______ ???·?????? (4356)
______ ???·?????? (4144)
______ C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (4088)
Locked audiodg.exe (4816)
______ ???·?????? (6168)
______ ???·?????? (6968)
______ C:\Users\Sal\Desktop\Rooter.exe (6140)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 (Start_Offset:32256 | Length:41094144)
\Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:41943040 | Length:14828961792)
\Device\Harddisk0\Partition3 (Start_Offset:14870904832 | Length:985332187136)
.
----------------------\\ Scheduled Tasks
.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3871039636-1935808284-3132821144-1000Core.job
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3871039636-1935808284-3132821144-1000UA.job
C:\Windows\Tasks\SA.DAT
C:\Windows\Tasks\SCHEDLGU.TXT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 18:52.52
.
C:\Rooter$\Rooter_1.txt - (12/01/2012 | 18:52.52)
Title: Re: Trojans cleaned, modified windows.
Post by: SuperDave on January 13, 2012, 01:31:54 PM
Please download MiniToolBox (http://download.bleepingcomputer.com/farbar/MiniToolBox.exe) to Desktop and run it.

(http://i424.photobucket.com/albums/pp322/digistar/MiniToolBox.png)

Checkmark the following boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • List content of Hosts
  • List IP Configuration
  • List Last 10 Event Viewer Errors
  • List Users, Partitions and Memory Size
Click Go and copy/paste the log (Result.txt) into your next post.
Title: Re: Trojans cleaned, modified windows.
Post by: SalP on January 13, 2012, 01:44:58 PM
Quote
MiniToolBox by Farbar
Ran by Sal (administrator) on 13-01-2012 at 15:42:46
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1       localhost

========================= IP Configuration: ================================

MAC Bridge Miniport = Network Bridge (Disconnected)
Linksys AE1000 = Wireless Network Connection 3 (Connected)
Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Sal-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Mixed
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  127.0.0.1

Ping request could not find host google.com. Please check the name and try again.
Server:  UnKnown
Address:  127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.
Server:  UnKnown
Address:  127.0.0.1

Ping request could not find host bleepingcomputer.com. Please check the name and try again.

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  1...........................Software Loopback Interface 1
 17...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
  1    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/13/2012 02:31:25 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (01/12/2012 11:54:05 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7925

Error: (01/12/2012 11:54:05 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7925

Error: (01/12/2012 11:54:05 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/12/2012 03:40:10 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (01/12/2012 03:01:43 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (01/12/2012 02:43:44 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (01/10/2012 09:14:09 PM) (Source: Application Hang) (User: )
Description: The program wmplayer.exe version 12.0.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 214c

Start Time: 01ccd0058ff12428

Termination Time: 110

Application Path: C:\Program Files (x86)\Windows Media Player\wmplayer.exe

Report Id: e841b80f-3bf9-11e1-81b5-b8ac6fe30819

Error: (01/06/2012 02:48:44 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6848

Error: (01/06/2012 02:48:44 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6848


System errors:
=============
Error: (01/13/2012 02:29:00 PM) (Source: Service Control Manager) (User: )
Description: The Windows Update service hung on starting.

Error: (01/13/2012 02:20:45 PM) (Source: BridgeMP) (User: )
Description: Bridge: The bridge failed to create its virtual miniport.

Error: (01/12/2012 03:29:33 PM) (Source: BridgeMP) (User: )
Description: Bridge: The bridge failed to create its virtual miniport.

Error: (01/12/2012 03:09:18 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/12/2012 03:09:18 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/12/2012 03:09:18 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/12/2012 03:09:18 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/12/2012 03:09:18 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/12/2012 03:09:18 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/12/2012 03:09:18 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================

========================= Memory info: ===================================

Percentage of memory in use: 31%
Total physical RAM: 6142.99 MB
Available physical RAM: 4179.22 MB
Total Pagefile: 12284.18 MB
Available Pagefile: 9937.4 MB
Total Virtual: 4095.88 MB
Available Virtual: 3977.09 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:917.66 GB) (Free:508.53 GB) NTFS
2 Drive d: (Jan 12 2012) (CDROM) (Total:0.69 GB) (Free:0.63 GB) UDF

========================= Users: ========================================

User accounts for \\SAL-PC

Administrator            Guest                    Sal                     


**** End of log ****
Title: Re: Trojans cleaned, modified windows.
Post by: SuperDave on January 13, 2012, 07:39:40 PM
Please download Farbar Service Scanner (http://download.bleepingcomputer.com/farbar/FSS.exe) and run it on the computer with the issue.
Title: Re: Trojans cleaned, modified windows.
Post by: SalP on January 13, 2012, 07:44:31 PM
Quote
Farbar Service Scanner
Ran by Sal (administrator) on 13-01-2012 at 21:42:59
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Google IP is accessible.
Yahoo IP is accessible.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
Title: Re: Trojans cleaned, modified windows.
Post by: SuperDave on January 14, 2012, 11:05:01 AM
How is your computer connected to the modem; hard-wired or wireless? Did you try resetting the modem? Disconnect the power supply for at least 30 secs.
Title: Re: Trojans cleaned, modified windows.
Post by: SalP on January 14, 2012, 11:39:04 AM
It's wireless.  I tried resetting the computer.  The computer detects the network and says connected, but when I attempt to connect to a webpage, it says "Server not found."

If I click "Troubleshoot problems," it suggests that there may be a problem with "the driver for the Network Bridge adapter."
Title: Re: Trojans cleaned, modified windows.
Post by: SalP on January 14, 2012, 11:48:37 AM
It appears I fixed the problem.

Some time ago, I had set up a network bridge.  Since my computer does use the wireless adapter, I had set up a network bridge so I could connect my Xbox 360 via ethernet to the ethernet port, effectively allowing the 360 to connect to the internet.  Apparently, that bridge was causing problems now.  Once I disabled the bridge, everything appears to be working now.

Though, I did do one final scan with McAfee and it did find a Generic Exploit Trojan.  Perhaps I'm not out of the woods yet.  Running another MBAM scan as we speak.
Title: Re: Trojans cleaned, modified windows.
Post by: SalP on January 14, 2012, 01:36:08 PM
The MBAM scan came up clean.  Everything seems to be running okay.  I could just use some help in cleanup.
Title: Re: Trojans cleaned, modified windows.
Post by: SuperDave on January 14, 2012, 01:39:58 PM
One more scan and we can then do some cleanup.

I'd like to scan your machine with ESET OnlineScan

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
  ESET OnlineScan (http://eset.com/onlinescan)
• Click the (http://i424.photobucket.com/albums/pp322/digistar/esetOnline.png) button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
• Check (http://i424.photobucket.com/albums/pp322/digistar/esetAcceptTerms.png)
• Click the (http://i424.photobucket.com/albums/pp322/digistar/esetStart.png) button.
• Accept any security warnings from your browser.
• Check (http://i424.photobucket.com/albums/pp322/digistar/esetScanArchives.png)
• Push the Start button.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push (http://i424.photobucket.com/albums/pp322/digistar/esetListThreats.png)
• Push (http://i424.photobucket.com/albums/pp322/digistar/esetExport.png), and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Push the (http://i424.photobucket.com/albums/pp322/digistar/esetBack.png) button.
• Push (http://i424.photobucket.com/albums/pp322/digistar/esetFinish.png)
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
Title: Re: Trojans cleaned, modified windows.
Post by: SalP on January 14, 2012, 02:32:37 PM
Still scanning, but it looks like it picked up 2 trojans in Java.
Title: Re: Trojans cleaned, modified windows.
Post by: SalP on January 14, 2012, 03:16:01 PM
Quote
C:\ProgramData\YouTube Downloader\ytd_installer.exe   a variant of Win32/Toolbar.Widgi application   deleted - quarantined
C:\Users\Sal\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\5522c76e-4a9801b9   Java/Exploit.CVE-2011-3544.T trojan   deleted - quarantined
C:\Users\Sal\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\44d5d945-5e4c9667   Java/Agent.EA trojan   deleted - quarantined

I deleted the offending program, cleared out the Java cache, and updated Java.
Title: Re: Trojans cleaned, modified windows.
Post by: SuperDave on January 14, 2012, 06:57:27 PM
Great. If there are no other issues we can do some cleanup.

Delete the Combo-Fix.exe file, c:\users\Sal\Downloads\Combo-Fix folder, c:\users\Sal\Downloads\QooBox folder, C:\WINDOWS\nircmd.exe, c:\users\Sal\Downloads\combo-fix.txt and c:\users\Sal\Downloads\Combo-Fix-quarantined-files.txt
You may have a problem deleting one of the folders. In that case, just empty the folder of whatever files you can and leave it.
***************************************************
To set a new Restore Point.

Click the Start button, click Control Panel, click System and Maintenance, and then click System. In the left pane, click System Protection.  If you are prompted for an administrator password or confirmation, type the password or provide confirmation. To turn off System Protection for a hard disk, clear the check box next to the disk, and then click OK. Reboot to Normal Mode.
Click the Start button, click Control Panel, click System and Maintenance, and then click System.
In the left pane, click System Protection.  If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
To turn on System Protection for a hard disk, select the check box next to the disk, and then click OK.
This will give you a new, clean Restore Point.
*******************************************************
Clean out your temporary internet files and temp files.

Download TFC by OldTimer (http://oldtimer.geekstogo.com/TFC.exe) to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
******************************************************
Go to Microsoft Windows Update (http://windowsupdate.microsoft.com/) and get all critical updates.

----------

I suggest using WOT - Web of Trust (http://www.mywot.com/). WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html) - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer (http://www.bleepingcomputer.com/forums/tutorial49.html) from Spyware and Malware
* If you don't know what ActiveX controls are, see here (http://www.webopedia.com/TERM/A/ActiveX_control.html)

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. (http://www.safer-networking.org/en/spybotsd/index.html) Guide: Use Spybot's Immunize Feature (http://www.bleepingcomputer.com/tutorials/tutorial43.html#immunize) to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ (http://www.safer-networking.org/en/faq/index.html)

Check out Keeping Yourself Safe On The Web  (http://evilfantasy.wordpress.com/2008/05/20/keeping-yourself-safe-on-the-web/) for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware (http://evilfantasy.wordpress.com/2008/05/24/slow-computer-it-may-not-be-malware/) for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!
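The file-deletion and new-restore-point steps in the cleanup post above, as an added PowerShell example; this is not SuperDave's script nor part of any of the tools named in the thread. It assumes it is run from an elevated prompt as the affected user, that Combo-Fix.exe sits in the Downloads folder (the post does not say where the file is), and that the built-in System Restore cmdlets (Disable-ComputerRestore, Enable-ComputerRestore, Checkpoint-Computer) are available; the other paths are the ones named in the post.

```powershell
# Added example (not from the thread): scripted equivalent of the manual cleanup.
# Run from an elevated PowerShell prompt, logged in as the user who ran ComboFix.

$userHome  = $env:USERPROFILE          # e.g. C:\Users\Sal
$leftovers = @(
    (Join-Path $userHome 'Downloads\Combo-Fix.exe'),   # assumption: saved to Downloads
    (Join-Path $userHome 'Downloads\Combo-Fix'),
    (Join-Path $userHome 'Downloads\QooBox'),
    'C:\Windows\nircmd.exe',
    (Join-Path $userHome 'Downloads\combo-fix.txt'),
    (Join-Path $userHome 'Downloads\Combo-Fix-quarantined-files.txt')
)

foreach ($item in $leftovers) {
    if (-not (Test-Path -LiteralPath $item)) {
        Write-Host "absent : $item"
        continue
    }
    try {
        Remove-Item -LiteralPath $item -Recurse -Force -ErrorAction Stop
        Write-Host "removed: $item"
    } catch {
        # The post warns that one folder may refuse to delete; record it and
        # carry on with the rest instead of aborting the whole cleanup.
        Write-Warning "could not remove $item : $($_.Exception.Message)"
    }
}

# New restore point. Turning System Protection off discards the old restore
# points (which may still hold the infected state), turning it back on and
# taking a checkpoint gives a clean one, matching the GUI steps in the post.
Disable-ComputerRestore -Drive 'C:\'
Enable-ComputerRestore  -Drive 'C:\'
Checkpoint-Computer -Description 'Clean after malware removal' -RestorePointType 'MODIFY_SETTINGS'

# Show what is now on record so the new point can be confirmed.
Get-ComputerRestorePoint | Select-Object SequenceNumber, Description, CreationTime
```

The manual procedure reboots to Normal Mode between turning protection off and on; if the machine is still in Safe Mode, do that reboot before running the last block. On Windows 8 and later, Checkpoint-Computer refuses to create more than one restore point per 24 hours by default, so on those versions check the Get-ComputerRestorePoint output rather than assuming the call succeeded.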