
Author Topic: Second opinion  (Read 6387 times)


Mustang58lx

    Topic Starter


    Rookie

    • Experience: Beginner
    • OS: Unknown
    Second opinion
    « on: May 14, 2012, 07:23:48 PM »
    I want a second opinion that my computer is clean of any malware and viruses.

    Here are the latest logs.

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 05/14/2012 at 04:31 PM

    Application Version : 5.0.1148

    Core Rules Database Version : 8593
    Trace Rules Database Version: 6405

    Scan type       : Complete Scan
    Total Scan Time : 02:20:29

    Operating System Information
    Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
    UAC On - Limited User

    Memory items scanned      : 616
    Memory threats detected   : 0
    Registry items scanned    : 66539
    Registry threats detected : 0
    File items scanned        : 172956
    File threats detected     : 0


    Mustang58lx

      Re: Second opinion
      « Reply #1 on: May 14, 2012, 07:24:38 PM »
      Malwarebytes Anti-Malware 1.61.0.1400
      www.malwarebytes.org

      Database version: v2012.05.14.07

      Windows 7 Service Pack 1 x64 NTFS
      Internet Explorer 8.0.7601.17514
      Nicole Lange :: NICOLELANGE-PC [administrator]

      5/14/2012 6:46:44 PM
      mbam-log-2012-05-14 (18-46-44).txt

      Scan type: Full scan
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
      Scan options disabled:
      Objects scanned: 368417
      Time elapsed: 1 hour(s), 24 minute(s),

      Memory Processes Detected: 0
      (No malicious items detected)

      Memory Modules Detected: 0
      (No malicious items detected)

      Registry Keys Detected: 0
      (No malicious items detected)

      Registry Values Detected: 0
      (No malicious items detected)

      Registry Data Items Detected: 0
      (No malicious items detected)

      Folders Detected: 0
      (No malicious items detected)

      Files Detected: 0
      (No malicious items detected)

      (end)

      Mustang58lx

        Re: Second opinion
        « Reply #2 on: May 14, 2012, 07:29:45 PM »
        .
        DDS (Ver_2011-08-26.01) - NTFSAMD64
        Internet Explorer: 8.0.7601.17514  BrowserJavaVersion: 10.4.1
        Run by Nicole Lange at 20:14:19 on 2012-05-14
        .
        ============== Running Processes ===============
        .
        .
        ============== Pseudo HJT Report ===============
        .
        uStart Page = hxxp://www.google.com/
        uDefault_Page_URL = hxxp://asus.msn.com
        uInternet Settings,ProxyOverride = *.local
        uURLSearchHooks: NetAssistantBHO Class: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - C:\Program Files (x86)\Freeze.com\My.Freeze.com NetAssistant\NetAssistant.dll
        uURLSearchHooks: H - No File
        uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
        uURLSearchHooks: H - No File
        mWinlogon: Userinit=userinit.exe,
        BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
        BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
        BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
        BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
        BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
        BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120510155804.dll
        BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        BHO: {99E00A4C-D35E-11DD-BA95-9B6A56D89593} - No File
        BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
        BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
        BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - C:\Program Files (x86)\WOT\WOT.dll
        BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
        BHO: NetAssistantBHO Class: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - C:\Program Files (x86)\Freeze.com\My.Freeze.com NetAssistant\NetAssistant.dll
        BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo Layers\YontooIEClient.dll
        TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
        TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
        TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - C:\Program Files (x86)\WOT\WOT.dll
        TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
        TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
        TB: {6169170A-F4D7-44A1-881F-F7FF71C52670} - No File
        uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
        uRun: [Desktop Software] "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe"  /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
        uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
        mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
        mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
        mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
        mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
        mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
        mRun: [Setwallpaper] c:\programdata\SetWallpaper.cmd
        mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
        mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
        mRun: [masqform.exe] C:\Program Files (x86)\PureEdge\Viewer 6.5\masqform.exe -RunOnce
        mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
        mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
        mRun: [ddoctorv2] "C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
        mRun: [<NO NAME>]
        mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
        mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
        mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
        mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
        StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe
        StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPRE~1.LNK - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
        mPolicies-explorer: NoActiveDesktop = 1 (0x1)
        mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
        mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
        mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
        mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
        IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
        IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
        IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
        IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
        IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
        IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
        DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
        DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
        TCP: DhcpNameServer = 192.168.1.1
        TCP: Interfaces\{337C4D64-8121-46F2-AB52-BC53E843FB5C} : DhcpNameServer = 192.168.1.1
        TCP: Interfaces\{337C4D64-8121-46F2-AB52-BC53E843FB5C}\05F6E67686F6573756 : DhcpNameServer = 192.168.2.1 192.168.2.1
        TCP: Interfaces\{337C4D64-8121-46F2-AB52-BC53E843FB5C}\144616D637F6E602D4F647F627370234573747F6D65627 : DhcpNameServer = 24.159.193.39 24.159.193.40
        TCP: Interfaces\{337C4D64-8121-46F2-AB52-BC53E843FB5C}\14D40234573747F6D656270223 : DhcpNameServer = 192.168.1.1
        TCP: Interfaces\{337C4D64-8121-46F2-AB52-BC53E843FB5C}\2656C6B696E6534376 : DhcpNameServer = 192.168.2.1 209.18.47.61 209.18.47.62
        TCP: Interfaces\{337C4D64-8121-46F2-AB52-BC53E843FB5C}\643525D27457563747D275966496 : DhcpNameServer = 199.3.25.10
        TCP: Interfaces\{337C4D64-8121-46F2-AB52-BC53E843FB5C}\B6F637B696 : DhcpNameServer = 192.168.0.1
        Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
        Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
        Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
        Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
        Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
        Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
        BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
        BHO-X64:     0x1 - No File
        BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
        BHO-X64:     AcroIEHelperStub - No File
        BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
        BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
        BHO-X64:     Search Helper - No File
        BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
        BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120510155804.dll
        BHO-X64:     scriptproxy - No File
        BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        BHO-X64: {99E00A4C-D35E-11DD-BA95-9B6A56D89593} - No File
        BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
        BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
        BHO-X64: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll
        BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
        BHO-X64: NetAssistantBHO Class: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files (x86)\Freeze.com\My.Freeze.com NetAssistant\NetAssistant.dll
        BHO-X64:     NetAssistantBHO - No File
        BHO-X64: Yontoo Layers: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers\YontooIEClient.dll
        BHO-X64:     Yontoo Layers - No File
        TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
        TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
        TB-X64: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
        TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
        TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
        TB-X64: {6169170A-F4D7-44A1-881F-F7FF71C52670} - No File
        mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
        mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
        mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
        mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
        mRun-x64: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
        mRun-x64: [Setwallpaper] c:\programdata\SetWallpaper.cmd
        mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
        mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
        mRun-x64: [masqform.exe] C:\Program Files (x86)\PureEdge\Viewer 6.5\masqform.exe -RunOnce
        mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
        mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
        mRun-x64: [ddoctorv2] "C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
        mRun-x64: [(Default)]
        mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
        mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
        mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
        mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
        Hosts: 127.0.0.1   www.spywareinfo.com
        .
        ================= FIREFOX ===================
        .
        FF - ProfilePath - C:\Users\Nicole Lange\AppData\Roaming\Mozilla\Firefox\Profiles\qtg2aw98.default\
        FF - prefs.js: browser.search.selectedEngine - Secure Search
        FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
        FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
        FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
        FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
        FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
        FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
        FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
        FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
        FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
        FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
        FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
        FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
        FF - plugin: C:\Users\Nicole Lange\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll
        FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
        FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
        FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
        .
        ---- FIREFOX POLICIES ----
        FF - user.js: general.useragent.extra.brc - BRI/1
        .
        ============= SERVICES / DRIVERS ===============
        .
        .
        =============== Created Last 30 ================
        .
        2012-05-14 17:27:04   --------   d-----w-   C:\Program Files\COMODO
        2012-05-14 17:25:58   --------   d-sh--w-   C:\Windows\SysWow64\%APPDATA%
        2012-05-12 18:43:12   --------   d-----w-   C:\ProgramData\Spybot - Search & Destroy
        2012-05-12 18:43:12   --------   d-----w-   C:\Program Files (x86)\Spybot - Search & Destroy
        2012-05-11 18:36:54   --------   d-----w-   C:\Program Files (x86)\Oracle
        2012-05-11 18:36:12   772504   ----a-w-   C:\Windows\SysWow64\npDeployJava1.dll
        2012-05-11 17:24:20   --------   d-----w-   C:\Program Files\WOT
        2012-05-11 17:24:20   --------   d-----w-   C:\Program Files (x86)\WOT
        2012-05-11 17:22:55   --------   d-----w-   C:\Users\Nicole Lange\AppData\Roaming\Malwarebytes
        2012-05-11 17:22:22   --------   d-----w-   C:\ProgramData\Malwarebytes
        2012-05-11 17:21:59   24904   ----a-w-   C:\Windows\System32\drivers\mbam.sys
        2012-05-11 17:21:56   --------   d-----w-   C:\Program Files (x86)\Malwarebytes' Anti-Malware
        2012-05-11 17:08:36   --------   d-----w-   C:\Program Files (x86)\SpywareBlaster
        2012-05-11 17:05:02   --------   d-----w-   C:\Users\Nicole Lange\AppData\Roaming\SUPERAntiSpyware.com
        2012-05-11 17:04:41   --------   d-----w-   C:\ProgramData\SUPERAntiSpyware.com
        2012-05-11 17:04:41   --------   d-----w-   C:\Program Files\SUPERAntiSpyware
        2012-05-11 16:58:04   --------   d-----w-   C:\Program Files\CCleaner
        2012-05-11 16:54:27   --------   d-----w-   C:\Users\Nicole Lange\AppData\Local\{2CCE79D5-F3B7-4092-B89C-CC5653866C91}
        2012-05-11 16:53:34   --------   d-----w-   C:\Users\Nicole Lange\AppData\Local\{1538EA11-47B1-4239-A56D-C830B7172B58}
        2012-05-11 15:37:19   --------   d-----w-   C:\Windows\en
        2012-05-11 15:34:06   48488   ----a-w-   C:\Windows\System32\drivers\fssfltr.sys
        2012-05-11 15:28:44   15712   ----a-w-   C:\Program Files (x86)\Common Files\Windows Live\.cache\c0012cfa1cd2f8a02\MeshBetaRemover.exe
        2012-05-11 15:28:42   89944   ----a-w-   C:\Program Files (x86)\Common Files\Windows Live\.cache\bf5368861cd2f8a01\DSETUP.dll
        2012-05-11 15:28:42   537432   ----a-w-   C:\Program Files (x86)\Common Files\Windows Live\.cache\bf5368861cd2f8a01\DXSETUP.exe
        2012-05-11 15:28:42   1801048   ----a-w-   C:\Program Files (x86)\Common Files\Windows Live\.cache\bf5368861cd2f8a01\dsetup32.dll
        2012-05-11 15:27:09   --------   d-----w-   C:\Users\Nicole Lange\AppData\Local\{36B02F2F-2770-4603-9AC1-8057B536F25E}
        2012-05-11 15:26:56   --------   d-----w-   C:\Users\Nicole Lange\AppData\Local\{47B6F5FF-C319-47F7-9C37-BF1D95295A07}
        2012-05-11 15:26:04   --------   d--h--w-   C:\VritualRoot
        2012-05-11 15:19:40   --------   d-----w-   C:\ProgramData\Comodo
        2012-05-11 15:15:50   --------   d-----w-   C:\Users\Nicole Lange\AppData\Local\{701A7122-3B0F-42C5-99DA-521CCDA35A48}
        2012-05-10 21:27:08   --------   d-----w-   C:\Users\Nicole Lange\AppData\Local\{D8B69080-3939-4AA6-950B-191E21E0D7A9}
        2012-05-10 21:10:57   --------   d-----w-   C:\Users\Nicole Lange\AppData\Local\{5779DD1D-B099-483B-A24A-460ADFFCB62E}
        2012-05-10 20:58:00   29272   ----a-w-   C:\Program Files (x86)\Mozilla Firefox\ScriptFF.dll
        2012-05-10 19:07:59   --------   d-----w-   C:\Users\Nicole Lange\AppData\Local\Microsoft Help
        2012-05-10 18:59:02   81408   ----a-w-   C:\Windows\System32\imagehlp.dll
        2012-05-10 18:59:02   23408   ----a-w-   C:\Windows\System32\drivers\fs_rec.sys
        2012-05-10 18:59:02   159232   ----a-w-   C:\Windows\SysWow64\imagehlp.dll
        2012-05-10 18:59:01   5120   ----a-w-   C:\Windows\SysWow64\wmi.dll
        2012-05-10 18:59:01   5120   ----a-w-   C:\Windows\System32\wmi.dll
        2012-05-10 18:59:01   220672   ----a-w-   C:\Windows\System32\wintrust.dll
        2012-05-10 18:59:01   172544   ----a-w-   C:\Windows\SysWow64\wintrust.dll
        2012-05-10 18:40:49   5559664   ----a-w-   C:\Windows\System32\ntoskrnl.exe
        2012-05-10 18:40:47   3146240   ----a-w-   C:\Windows\System32\win32k.sys
        2012-05-10 18:40:45   3913072   ----a-w-   C:\Windows\SysWow64\ntoskrnl.exe
        2012-05-10 18:40:44   3968368   ----a-w-   C:\Windows\SysWow64\ntkrnlpa.exe
        2012-05-10 18:37:40   75120   ----a-w-   C:\Windows\System32\drivers\partmgr.sys
        2012-05-10 18:37:17   634880   ----a-w-   C:\Windows\System32\msvcrt.dll
        2012-05-10 18:37:16   690688   ----a-w-   C:\Windows\SysWow64\msvcrt.dll
        2012-05-10 18:36:46   331776   ----a-w-   C:\Windows\System32\oleacc.dll
        2012-05-10 18:36:45   861696   ----a-w-   C:\Windows\System32\oleaut32.dll
        2012-05-10 18:36:45   571904   ----a-w-   C:\Windows\SysWow64\oleaut32.dll
        2012-05-10 18:36:45   233472   ----a-w-   C:\Windows\SysWow64\oleacc.dll
        2012-05-10 18:36:37   723456   ----a-w-   C:\Windows\System32\EncDec.dll
        2012-05-10 18:36:37   534528   ----a-w-   C:\Windows\SysWow64\EncDec.dll
        2012-05-10 18:36:17   2048   ----a-w-   C:\Windows\SysWow64\tzres.dll
        2012-05-10 18:36:17   2048   ----a-w-   C:\Windows\System32\tzres.dll
        2012-05-10 18:35:01   1918320   ----a-w-   C:\Windows\System32\drivers\tcpip.sys
        2012-05-10 18:34:53   1732096   ----a-w-   C:\Program Files\Windows Journal\NBDoc.DLL
        2012-05-10 18:34:53   1367552   ----a-w-   C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
        2012-05-10 18:34:52   936960   ----a-w-   C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
        2012-05-10 18:34:52   1402880   ----a-w-   C:\Program Files\Windows Journal\JNWDRV.dll
        2012-05-10 18:34:52   1393664   ----a-w-   C:\Program Files\Windows Journal\JNTFiltr.dll
        2012-05-10 18:34:45   1731920   ----a-w-   C:\Windows\System32\ntdll.dll
        2012-05-10 18:34:45   1292080   ----a-w-   C:\Windows\SysWow64\ntdll.dll
        2012-05-10 17:30:37   77312   ----a-w-   C:\Windows\System32\packager.dll
        2012-05-10 17:30:37   67072   ----a-w-   C:\Windows\SysWow64\packager.dll
        2012-05-10 15:36:07   9216   ----a-w-   C:\Windows\System32\rdrmemptylst.exe
        2012-05-10 15:36:07   77312   ----a-w-   C:\Windows\System32\rdpwsx.dll
        2012-05-10 15:36:07   149504   ----a-w-   C:\Windows\System32\rdpcorekmts.dll
        2012-05-10 15:35:12   826880   ----a-w-   C:\Windows\SysWow64\rdpcore.dll
        2012-05-10 15:35:12   23552   ----a-w-   C:\Windows\System32\drivers\tdtcp.sys
        2012-05-10 15:35:12   210944   ----a-w-   C:\Windows\System32\drivers\rdpwd.sys
        2012-05-10 15:35:12   1031680   ----a-w-   C:\Windows\System32\rdpcore.dll
        .
        ==================== Find3M  ====================
        .
        2012-05-14 16:53:07   45056   ----a-w-   C:\Windows\System32\acovcnt.exe
        2012-04-04 23:47:02   687504   ----a-w-   C:\Windows\SysWow64\deployJava1.dll
        2012-03-20 18:11:30   162192   ----a-w-   C:\Windows\System32\mfevtps.exe
        2012-03-08 23:50:28   49016   ----a-w-   C:\Windows\SysWow64\sirenacm.dll
        2012-03-08 23:37:20   302448   ----a-w-   C:\Windows\WLXPGSS.SCR
        2012-03-03 06:35:38   1544704   ----a-w-   C:\Windows\System32\DWrite.dll
        2012-03-03 05:31:19   1077248   ----a-w-   C:\Windows\SysWow64\DWrite.dll
        2012-02-28 06:39:37   1188864   ----a-w-   C:\Windows\System32\wininet.dll
        2012-02-28 05:38:52   981504   ----a-w-   C:\Windows\SysWow64\wininet.dll
        2012-02-28 04:31:38   1638912   ----a-w-   C:\Windows\System32\mshtml.tlb
        2012-02-28 03:52:27   1638912   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
        2012-02-22 18:29:46   75936   ----a-w-   C:\Windows\System32\drivers\mfenlfk.sys
        2012-02-22 18:29:46   65264   ----a-w-   C:\Windows\System32\drivers\cfwids.sys
        2012-02-22 18:29:46   647208   ----a-w-   C:\Windows\System32\drivers\mfehidk.sys
        2012-02-22 18:29:46   487296   ----a-w-   C:\Windows\System32\drivers\mfefirek.sys
        2012-02-22 18:29:46   289664   ----a-w-   C:\Windows\System32\drivers\mfewfpk.sys
        2012-02-22 18:29:46   229528   ----a-w-   C:\Windows\System32\drivers\mfeavfk.sys
        2012-02-22 18:29:46   160792   ----a-w-   C:\Windows\System32\drivers\mfeapfk.sys
        2012-02-22 18:29:46   10248   ----a-w-   C:\Windows\System32\drivers\mfeclnk.sys
        2012-02-22 18:29:46   100912   ----a-w-   C:\Windows\System32\drivers\mferkdet.sys
        2009-04-08 17:31:56   106496   ----a-w-   C:\Program Files (x86)\Common Files\CPInstallAction.dll
        2008-08-12 04:45:20   155648   ----a-w-   C:\Program Files (x86)\Common Files\MSIactionall.dll
        .
        ============= FINISH: 20:15:30.74 ===============

        Mustang58lx

          Re: Second opinion
          « Reply #3 on: May 14, 2012, 07:30:23 PM »
          .
          UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
          IF REQUESTED, ZIP IT UP & ATTACH IT
          .
          DDS (Ver_2011-08-26.01)
          .
          .
          ==== Disk Partitions =========================
          .
          .
          ==== Disabled Device Manager Items =============
          .
          ==== System Restore Points ===================
          .
          No restore point in system.
          .
          ==== Installed Programs ======================
          .
           Update for Microsoft Office 2007 (KB2508958)
          µTorrent
          Acrobat.com
          Adobe AIR
          Adobe Flash Player 10 ActiveX
          Adobe Flash Player 10 Plugin
          Adobe Reader 9.4.5 MUI
          Adobe Shockwave Player 11.5
          Adobe SVG Viewer 3.0
          Alcor Micro USB Card Reader
          Apple Application Support
          Apple Software Update
          ASUS AI Recovery
          ASUS AP Bank
          ASUS CopyProtect
          ASUS Data Security Manager
          ASUS FancyStart
          ASUS LifeFrame3
          ASUS Live Update
          ASUS MultiFrame
          ASUS SmartLogon
          ASUS Splendid Video Enhancement Technology
          ASUS Virtual Camera
          ASUS_Screensaver
          ATK Package
          Bing Bar
          Bing Rewards Client Installer
          Comcast Desktop Software (v1.2.0.9)
          Compatibility Pack for the 2007 Office system
          Conduit Engine
          ControlDeck
          Coupon Printer for Windows
          D3DX10
          Desktop Doctor
          DivX Codec
          ETM
          Google Chrome
          Google Earth
          Google Update Helper
          HP Deskjet 1000 J110 series Help
          HP Photo Creations
          HP Update
          Intel(R) Control Center
          Intel(R) Graphics Media Accelerator Driver
          Java Auto Updater
          Java(TM) 7 Update 4
          JavaFX 2.1.0
          Junk Mail filter update
          Malwarebytes Anti-Malware version 1.61.0.1400
          McAfee AntiVirus Plus
          Mesh Runtime
          Messenger Companion
          Microsoft Default Manager
          Microsoft Office 2007 Service Pack 3 (SP3)
          Microsoft Office Excel MUI (English) 2007
          Microsoft Office File Validation Add-In
          Microsoft Office Home and Student 2007
          Microsoft Office Live Add-in 1.5
          Microsoft Office OneNote MUI (English) 2007
          Microsoft Office PowerPoint MUI (English) 2007
          Microsoft Office PowerPoint Viewer 2007 (English)
          Microsoft Office Proof (English) 2007
          Microsoft Office Proof (French) 2007
          Microsoft Office Proof (Spanish) 2007
          Microsoft Office Proofing (English) 2007
          Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
          Microsoft Office Shared MUI (English) 2007
          Microsoft Office Shared Setup Metadata MUI (English) 2007
          Microsoft Office Word MUI (English) 2007
          Microsoft Search Enhancement Pack
          Microsoft SQL Server 2005 Compact Edition [ENU]
          Microsoft Visual C++ 2005 Redistributable
          Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
          Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
          Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
          Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
          Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
          Microsoft Works
          Mobile Broadband Generic Drivers
          Move Media Player
          Mozilla Firefox 5.0 (x86 en-US)
          MSVCRT
          MSVCRT_amd64
          MSXML 4.0 SP3 Parser (KB973685)
          My.Freeze.com NetAssistant
          NOOK for PC
          Platform
          PureEdge Viewer 6.5
          QuickTime
          Roxio Burn
          Roxio Roxio Burn
          Roxio Update Manager
          Safari
          Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
          Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
          Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
          Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
          Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
          Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
          Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
          Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
          Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
          Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
          Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
          Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
          Skype™ 5.1
          Spybot - Search & Destroy
          SpywareBlaster 4.6
          TM 1-1520-248-23&P
          TM 1-1520-BLACKHAWK
          Update for 2007 Microsoft Office System (KB967642)
          Verizon Wireless USB760 Firmware Updates
          VIA Platform Device Manager
          Windows Live Communications Platform
          Windows Live Essentials
          Windows Live Installer
          Windows Live Mail
          Windows Live Mesh
          Windows Live Mesh ActiveX Control for Remote Connections
          Windows Live Messenger
          Windows Live Messenger Companion Core
          Windows Live Movie Maker
          Windows Live Photo Common
          Windows Live Photo Gallery
          Windows Live PIMT Platform
          Windows Live SOXE
          Windows Live SOXE Definitions
          Windows Live Sync
          Windows Live UX Platform
          Windows Live UX Platform Language Pack
          Windows Live Writer
          Windows Live Writer Resources
          WinFlash
          Wireless Console 3
          Yahoo! Install Manager
          .
          ==== End Of File ===========================

          SuperDave

          • Malware Removal Specialist


          • Genius
          • Thanked: 996
          • Certifications: List
          • Experience: Expert
          • OS: Windows 8
          Re: Second opinion
          « Reply #4 on: May 15, 2012, 12:54:52 PM »
          Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

          1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
          2. The fixes are specific to your problem and should only be used for this issue on this machine.
          3. If you don't know or understand something, please don't hesitate to ask.
          4. Please DO NOT run any other tools or scans while I am helping you.
          5. It is important that you reply to this thread. Do not start a new topic.
          6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
          7. Absence of symptoms does not mean that everything is clear.

          If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
          *************************************************************************
          Is there any reason why you think your computer may be infected? Any symptoms?

          P2P - I see you have P2P software installed on your machine: µTorrent. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

          Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

          I would strongly recommend that you uninstall them; however, that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
          While you're there you should remove My.Freeze.com NetAssistant. It is adware.
          ********************************************************************
          Update Your Java (JRE)

          Old versions of Java have vulnerabilities that malware can use to infect your system.


          First Verify your Java Version

          If there are any other version(s) installed then update now.

          Get the new version (if needed)

          If your version is out of date install the newest version of the Sun Java Runtime Environment.

          Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

          Be sure to close ALL open web browsers before starting the installation.

          Remove any old versions

          1. Download JavaRa and unzip the file to your Desktop.
          2. Open JavaRA.exe and choose Remove Older Versions
          3. Once complete exit JavaRA.

          Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
          **********************************************************
          Download Security Check by screen317 from one of the following links and save it to your desktop.

          Link 1
          Link 2

          * Double-click Security Check.bat
          * Follow the on-screen instructions inside of the black box.
          * A Notepad document should open automatically called checkup.txt
          * Post the contents of that document in your next reply.

          Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
          Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender

          Mustang58lx

            Re: Second opinion
            « Reply #5 on: May 16, 2012, 11:01:14 AM »
            The reason for a second opinion was this computer had the fake antivirus/security program wanting you to purchase it, and internet access was blocked.

            It seems to be running good but I just wanted to make sure I didn't miss something.

            Java is up to date and all old versions have been removed.

            Here is the Security Check log.


             Results of screen317's Security Check version 0.99.32 
             Windows 7  x64 (UAC is enabled) 
            ``````````````````````````````
            Antivirus/Firewall Check:

             Windows Security Center service is not running! This report may not be accurate!
             Windows Firewall Disabled! 
             McAfee AntiVirus Plus   
             WMI entry may not exist for antivirus; attempting automatic update.
            ```````````````````````````````
            Anti-malware/Other Utilities Check:

             MVPS Hosts File 
             SpywareBlaster 4.6   
             Spybot - Search & Destroy
             JavaFX 2.1.0   
             Java(TM) 7 Update 4 
             Adobe Reader 9 Adobe Reader out of date!
             Mozilla Firefox (5.0.)
            ````````````````````````````````
            Process Check: 
            objlist.exe by Laurent

            ``````````End of Log````````````

            SuperDave

            Re: Second opinion
            « Reply #6 on: May 16, 2012, 04:43:03 PM »
            Update Your Java (JRE)

            Old versions of Java have vulnerabilities that malware can use to infect your system.


            First Verify your Java Version

            If there are any other version(s) installed then update now.

            Get the new version (if needed)

            If your version is out of date install the newest version of the Sun Java Runtime Environment.

            Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

            Be sure to close ALL open web browsers before starting the installation.

            Remove any old versions

            1. Download JavaRa and unzip the file to your Desktop.
            2. Open JavaRA.exe and choose Remove Older Versions
            3. Once complete exit JavaRA.

            Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
            **************************************************
            Download ComboFix from any of the links below, and save it to your DESKTOP

            Link 1
            Link 2
            Link 3

            To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.
            • Close any open windows and double click ComboFix.exe to run it.

              You will see the following image:


            Click I Agree to start the program.

            ComboFix will then extract the necessary files and you will see this:



            As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

            It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

            If you did not have it installed, you will see the prompt below. Choose YES.



            Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

            **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

            Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



            Click on Yes, to continue scanning for malware.

            When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

            Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

            Note: Please do NOT mouseclick ComboFix's window while it's running because it may cause it to stall.
            Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender

            Mustang58lx

              Re: Second opinion
              « Reply #7 on: May 17, 2012, 09:13:10 AM »
              Here is the ComboFix log.

              ComboFix 12-05-14.03 - Nicole Lange 05/16/2012  21:18:30.1.2 - x64
              Running from: c:\users\Nicole Lange\Desktop\need to install\ComboFix.exe
               * Created a new restore point
              .
              .
              (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              c:\program files (x86)\Astrology_4aEI
              c:\program files (x86)\Common Files\ASPG_icon.ico
              c:\windows\assembly\tmp\U
              .
              .
              (((((((((((((((((((((((((   Files Created from 2012-04-17 to 2012-05-17  )))))))))))))))))))))))))))))))
              .
              .
              2012-05-17 02:26 . 2012-05-17 02:26   --------   d-----w-   c:\users\Default\AppData\Local\temp
              2012-05-16 15:38 . 2012-05-16 15:38   8744608   ----a-w-   c:\windows\SysWow64\FlashPlayerInstaller.exe
              2012-05-16 15:32 . 2012-05-16 15:38   70304   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
              2012-05-16 15:32 . 2012-05-16 15:38   419488   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
              2012-05-16 15:32 . 2012-05-16 15:32   --------   d-----w-   c:\windows\system32\Macromed
              2012-05-14 17:25 . 2012-05-14 17:25   --------   d-sh--w-   c:\windows\SysWow64\%APPDATA%
              2012-05-12 18:43 . 2012-05-14 17:42   --------   d-----w-   c:\programdata\Spybot - Search & Destroy
              2012-05-12 18:43 . 2012-05-12 18:57   --------   d-----w-   c:\program files (x86)\Spybot - Search & Destroy
              2012-05-11 18:42 . 2012-05-11 18:42   --------   d-----w-   c:\program files (x86)\Common Files\Java
              2012-05-11 18:36 . 2012-05-11 18:36   --------   d-----w-   c:\program files (x86)\Oracle
              2012-05-11 18:36 . 2012-04-04 23:47   772504   ----a-w-   c:\windows\SysWow64\npDeployJava1.dll
              2012-05-11 17:36 . 2012-05-11 17:36   --------   d-----w-   c:\program files\Microsoft Silverlight
              2012-05-11 17:36 . 2012-05-11 17:36   --------   d-----w-   c:\program files (x86)\Microsoft Silverlight
              2012-05-11 17:24 . 2012-05-11 17:24   --------   d-----w-   c:\program files\WOT
              2012-05-11 17:24 . 2012-05-11 17:24   --------   d-----w-   c:\program files (x86)\WOT
              2012-05-11 17:22 . 2012-05-11 17:22   --------   d-----w-   c:\users\Nicole Lange\AppData\Roaming\Malwarebytes
              2012-05-11 17:22 . 2012-05-11 17:22   --------   d-----w-   c:\programdata\Malwarebytes
              2012-05-11 17:21 . 2012-04-04 20:56   24904   ----a-w-   c:\windows\system32\drivers\mbam.sys
              2012-05-11 17:21 . 2012-05-11 17:22   --------   d-----w-   c:\program files (x86)\Malwarebytes' Anti-Malware
              2012-05-11 17:08 . 2012-05-14 17:37   --------   d-----w-   c:\program files (x86)\SpywareBlaster
              2012-05-11 17:05 . 2012-05-11 17:05   --------   d-----w-   c:\users\Nicole Lange\AppData\Roaming\SUPERAntiSpyware.com
              2012-05-11 17:04 . 2012-05-11 17:05   --------   d-----w-   c:\program files\SUPERAntiSpyware
              2012-05-11 17:04 . 2012-05-11 17:04   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
              2012-05-11 16:58 . 2012-05-11 16:58   --------   d-----w-   c:\program files\CCleaner
              2012-05-11 15:37 . 2012-05-11 15:37   --------   d-----w-   c:\windows\en
              2012-05-11 15:34 . 2012-03-08 23:40   48488   ----a-w-   c:\windows\system32\drivers\fssfltr.sys
              2012-05-11 15:28 . 2012-05-11 15:28   15712   ----a-w-   c:\program files (x86)\Common Files\Windows Live\.cache\c0012cfa1cd2f8a02\MeshBetaRemover.exe
              2012-05-11 15:28 . 2012-05-11 15:28   89944   ----a-w-   c:\program files (x86)\Common Files\Windows Live\.cache\bf5368861cd2f8a01\DSETUP.dll
              2012-05-11 15:28 . 2012-05-11 15:28   537432   ----a-w-   c:\program files (x86)\Common Files\Windows Live\.cache\bf5368861cd2f8a01\DXSETUP.exe
              2012-05-11 15:28 . 2012-05-11 15:28   1801048   ----a-w-   c:\program files (x86)\Common Files\Windows Live\.cache\bf5368861cd2f8a01\dsetup32.dll
              2012-05-11 15:26 . 2012-05-11 15:26   --------   d-----w-   C:\VritualRoot
              2012-05-11 15:19 . 2012-05-14 17:31   --------   d-----w-   c:\programdata\Comodo
              2012-05-10 20:58 . 2012-03-20 18:06   29272   ----a-w-   c:\program files (x86)\Mozilla Firefox\ScriptFF.dll
              2012-05-10 19:07 . 2012-05-10 19:07   --------   d-----w-   c:\users\Nicole Lange\AppData\Local\Microsoft Help
              2012-05-10 18:59 . 2012-03-01 06:46   23408   ----a-w-   c:\windows\system32\drivers\fs_rec.sys
              2012-05-10 18:59 . 2012-03-01 06:33   81408   ----a-w-   c:\windows\system32\imagehlp.dll
              2012-05-10 18:59 . 2012-03-01 05:33   159232   ----a-w-   c:\windows\SysWow64\imagehlp.dll
              2012-05-10 18:59 . 2012-03-01 06:38   220672   ----a-w-   c:\windows\system32\wintrust.dll
              2012-05-10 18:59 . 2012-03-01 06:28   5120   ----a-w-   c:\windows\system32\wmi.dll
              2012-05-10 18:59 . 2012-03-01 05:37   172544   ----a-w-   c:\windows\SysWow64\wintrust.dll
              2012-05-10 18:59 . 2012-03-01 05:29   5120   ----a-w-   c:\windows\SysWow64\wmi.dll
              2012-05-10 18:40 . 2012-03-31 06:05   5559664   ----a-w-   c:\windows\system32\ntoskrnl.exe
              2012-05-10 18:40 . 2012-03-31 03:10   3146240   ----a-w-   c:\windows\system32\win32k.sys
              2012-05-10 18:40 . 2012-03-31 04:39   3913072   ----a-w-   c:\windows\SysWow64\ntoskrnl.exe
              2012-05-10 18:40 . 2012-03-31 04:39   3968368   ----a-w-   c:\windows\SysWow64\ntkrnlpa.exe
              2012-05-10 18:37 . 2012-03-17 07:58   75120   ----a-w-   c:\windows\system32\drivers\partmgr.sys
              2012-05-10 18:37 . 2011-12-16 08:46   634880   ----a-w-   c:\windows\system32\msvcrt.dll
              2012-05-10 18:37 . 2011-12-16 07:52   690688   ----a-w-   c:\windows\SysWow64\msvcrt.dll
              2012-05-10 18:36 . 2011-08-27 05:37   331776   ----a-w-   c:\windows\system32\oleacc.dll
              2012-05-10 18:36 . 2011-08-27 05:37   861696   ----a-w-   c:\windows\system32\oleaut32.dll
              2012-05-10 18:36 . 2011-08-27 04:26   571904   ----a-w-   c:\windows\SysWow64\oleaut32.dll
              2012-05-10 18:36 . 2011-08-27 04:26   233472   ----a-w-   c:\windows\SysWow64\oleacc.dll
              2012-05-10 18:36 . 2011-10-15 06:31   723456   ----a-w-   c:\windows\system32\EncDec.dll
              2012-05-10 18:36 . 2011-10-15 05:38   534528   ----a-w-   c:\windows\SysWow64\EncDec.dll
              2012-05-10 18:36 . 2011-11-05 05:32   2048   ----a-w-   c:\windows\system32\tzres.dll
              2012-05-10 18:36 . 2011-11-05 04:26   2048   ----a-w-   c:\windows\SysWow64\tzres.dll
              2012-05-10 18:35 . 2012-03-30 11:35   1918320   ----a-w-   c:\windows\system32\drivers\tcpip.sys
              2012-05-10 18:34 . 2012-03-31 05:42   1732096   ----a-w-   c:\program files\Windows Journal\NBDoc.DLL
              2012-05-10 18:34 . 2012-03-31 05:40   1367552   ----a-w-   c:\program files\Common Files\Microsoft Shared\ink\journal.dll
              2012-05-10 18:34 . 2012-03-31 05:40   1402880   ----a-w-   c:\program files\Windows Journal\JNWDRV.dll
              2012-05-10 18:34 . 2012-03-31 05:40   1393664   ----a-w-   c:\program files\Windows Journal\JNTFiltr.dll
              2012-05-10 18:34 . 2012-03-31 04:29   936960   ----a-w-   c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
              2012-05-10 18:34 . 2011-11-17 06:41   1731920   ----a-w-   c:\windows\system32\ntdll.dll
              2012-05-10 18:34 . 2011-11-17 05:38   1292080   ----a-w-   c:\windows\SysWow64\ntdll.dll
              2012-05-10 17:30 . 2011-11-19 14:58   77312   ----a-w-   c:\windows\system32\packager.dll
              2012-05-10 17:30 . 2011-11-19 14:01   67072   ----a-w-   c:\windows\SysWow64\packager.dll
              2012-05-10 15:36 . 2012-01-25 06:38   77312   ----a-w-   c:\windows\system32\rdpwsx.dll
              2012-05-10 15:36 . 2012-01-25 06:38   149504   ----a-w-   c:\windows\system32\rdpcorekmts.dll
              2012-05-10 15:36 . 2012-01-25 06:33   9216   ----a-w-   c:\windows\system32\rdrmemptylst.exe
              2012-05-10 15:35 . 2012-02-17 06:38   1031680   ----a-w-   c:\windows\system32\rdpcore.dll
              2012-05-10 15:35 . 2012-02-17 05:34   826880   ----a-w-   c:\windows\SysWow64\rdpcore.dll
              2012-05-10 15:35 . 2012-02-17 04:58   210944   ----a-w-   c:\windows\system32\drivers\rdpwd.sys
              2012-05-10 15:35 . 2012-02-17 04:57   23552   ----a-w-   c:\windows\system32\drivers\tdtcp.sys
              .
              .
              .
              ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              2012-05-17 02:27 . 2011-07-15 20:13   45056   ----a-w-   c:\windows\system32\acovcnt.exe
              2012-04-04 23:47 . 2010-06-10 19:53   687504   ----a-w-   c:\windows\SysWow64\deployJava1.dll
              2012-03-20 18:11 . 2011-01-11 15:23   162192   ----a-w-   c:\windows\system32\mfevtps.exe
              2012-03-08 23:50 . 2012-03-08 23:50   49016   ----a-w-   c:\windows\SysWow64\sirenacm.dll
              2012-03-08 23:37 . 2012-03-08 23:37   302448   ----a-w-   c:\windows\WLXPGSS.SCR
              2012-02-22 18:29 . 2011-01-11 15:24   10248   ----a-w-   c:\windows\system32\drivers\mfeclnk.sys
              2012-02-22 18:29 . 2011-01-11 15:23   75936   ----a-w-   c:\windows\system32\drivers\mfenlfk.sys
              2012-02-22 18:29 . 2011-01-11 15:23   65264   ----a-w-   c:\windows\system32\drivers\cfwids.sys
              2012-02-22 18:29 . 2011-01-11 15:23   647208   ----a-w-   c:\windows\system32\drivers\mfehidk.sys
              2012-02-22 18:29 . 2011-01-11 15:23   487296   ----a-w-   c:\windows\system32\drivers\mfefirek.sys
              2012-02-22 18:29 . 2011-01-11 15:23   289664   ----a-w-   c:\windows\system32\drivers\mfewfpk.sys
              2012-02-22 18:29 . 2011-01-11 15:23   229528   ----a-w-   c:\windows\system32\drivers\mfeavfk.sys
              2012-02-22 18:29 . 2011-01-11 15:23   160792   ----a-w-   c:\windows\system32\drivers\mfeapfk.sys
              2012-02-22 18:29 . 2011-01-11 15:23   100912   ----a-w-   c:\windows\system32\drivers\mferkdet.sys
              2009-04-08 17:31 . 2009-04-08 17:31   106496   ----a-w-   c:\program files (x86)\Common Files\CPInstallAction.dll
              2008-08-12 04:45 . 2008-08-12 04:45   155648   ----a-w-   c:\program files (x86)\Common Files\MSIactionall.dll
              .
              .
              (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              *Note* empty entries & legit default entries are not shown
              REGEDIT4
              .
              [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
              2010-09-12 22:02   3863136   ----a-w-   c:\program files (x86)\ConduitEngine\ConduitEngine.dll
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
              "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-09-12 3863136]
              .
              [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
              .
              [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
              @="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
              [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
              2007-06-02 00:08   143360   ----a-w-   c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
              .
              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
              "Desktop Software"="c:\program files (x86)\Common Files\SupportSoft\bin\bcont.exe" [2009-04-24 1025320]
              "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
              "Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-07-13 498160]
              "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2009-10-27 6998656]
              "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2009-08-20 170624]
              "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
              "HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-09-17 2245120]
              "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
              "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
              "masqform.exe"="c:\program files (x86)\PureEdge\Viewer 6.5\masqform.exe" [2005-07-04 643072]
              "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
              "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]
              "ddoctorv2"="c:\program files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
              "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-14 421160]
              "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
              "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
              "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
              .
              c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
              FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe [2010-3-19 12862]
              SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2010-3-19 156952]
              .
              c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
              Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-9-21 9216]
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
              "ConsentPromptBehaviorAdmin"= 5 (0x5)
              "ConsentPromptBehaviorUser"= 3 (0x3)
              "EnableUIADesktopToggle"= 0 (0x0)
              .
              [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
              "aux"=wdmaud.drv
              .
              [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
              Security Packages   REG_MULTI_SZ      kerberos msv1_0 schannel wdigest tspkg pku2u livessp
              .
              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
              @=""
              .
              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
              @=""
              .
              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
              @=""
              .
              R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-09 136176]
              R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-16 257696]
              R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS

              R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-09 136176]
              R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys

              R3 NWUSBCDFIL64;Novatel Wireless Installation CD;c:\windows\system32\DRIVERS\NwUsbCdFil64.sys

              R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwusbser2.sys

              R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys

              R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys

              R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys

              R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe

              R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
              S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys

              S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys

              S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys

              S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys

              S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
              S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
              S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys

              S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
              S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe

              S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
              S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
              S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
              S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
              S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
              S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe

              S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys

              S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys

              S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys

              S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys

              S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys

              .
              .
              --- Other Services/Drivers In Memory ---
              .
              *NewlyCreated* - IPNAT
              *NewlyCreated* - WS2IFSL
              *Deregistered* - mfeavfk01
              .
              Contents of the 'Scheduled Tasks' folder
              .
              2012-05-17 c:\windows\Tasks\Adobe Flash Player Updater.job
              - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-16 15:38]
              .
              2012-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
              - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-09 05:02]
              .
              2012-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
              - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-09 05:02]
              .
              2012-05-12 c:\windows\Tasks\hpwebreg_CN15R2N0YG05D2.job
              - c:\program files\HP\HP Deskjet 1000 J110 series\Bin\hpwebreg.exe [2010-11-17 02:29]
              .
              .
              --------- x86-64 -----------
              .
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
              @="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
              [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
              2007-06-01 23:52   159744   ----a-w-   c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-09-30 621440]
              "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-01 323584]
              "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
              "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
              "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
              "LoadAppInit_DLLs"=0x1
              .
              ------- Supplementary Scan -------
              .
              uLocal Page = c:\windows\system32\blank.htm
              uStart Page = hxxp://www.google.com/
              mLocal Page = c:\windows\SysWOW64\blank.htm
              uInternet Settings,ProxyOverride = *.local
              IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
              IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
              TCP: DhcpNameServer = 192.168.253.1
              FF - ProfilePath - c:\users\Nicole Lange\AppData\Roaming\Mozilla\Firefox\Profiles\qtg2aw98.default\
              FF - prefs.js: browser.search.selectedEngine - Secure Search
              FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
              FF - user.js: general.useragent.extra.brc - BRI/1
              .
              - - - - ORPHANS REMOVED - - - -
              .
              URLSearchHooks-{6169170a-f4d7-44a1-881f-f7ff71c52670} - (no file)
              URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
              BHO-{99E00A4C-D35E-11DD-BA95-9B6A56D89593} - (no file)
              Toolbar-Locked - (no file)
              Wow6432Node-HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
              Toolbar-Locked - (no file)
              WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
              WebBrowser-{6169170A-F4D7-44A1-881F-F7FF71C52670} - (no file)
              WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
              AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
              AddRemove-YInstHelper - c:\windows\system32\regsvr32
              .
              .
              .
              --------------------- LOCKED REGISTRY KEYS ---------------------
              .
              [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
              @Denied: (2) (LocalSystem)
              "Progid"="FirefoxHTML"
              .
              [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
              @Denied: (2) (LocalSystem)
              "Progid"="FirefoxHTML"
              .
              [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
              @Denied: (2) (LocalSystem)
              "Progid"="FirefoxHTML"
              .
              [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
              @Denied: (2) (LocalSystem)
              "Progid"="FirefoxHTML"
              .
              [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
              @Denied: (2) (LocalSystem)
              "Progid"="FirefoxHTML"
              .
              [HKEY_USERS\S-1-5-21-4248164610-2112220815-2805680812-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
              @Denied: (2) (LocalSystem)
              "Progid"="WindowsLiveMail.Email.1"
              .
              [HKEY_USERS\S-1-5-21-4248164610-2112220815-2805680812-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
              @Denied: (2) (LocalSystem)
              "Progid"="WindowsLiveMail.VCard.1"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
              @Denied: (A 2) (Everyone)
              @="FlashBroker"
              "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
              "Enabled"=dword:00000001
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
              @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
              @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
              @Denied: (A 2) (Everyone)
              @="Shockwave Flash Object"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
              @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
              "ThreadingModel"="Apartment"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
              @="0"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
              @="ShockwaveFlash.ShockwaveFlash.11"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
              @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
              @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
              @="1.0"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
              @="ShockwaveFlash.ShockwaveFlash"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
              @Denied: (A 2) (Everyone)
              @="Macromedia Flash Factory Object"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
              @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
              "ThreadingModel"="Apartment"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
              @="FlashFactory.FlashFactory.1"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
              @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
              @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
              @="1.0"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
              @="FlashFactory.FlashFactory"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
              @Denied: (A 2) (Everyone)
              @="IFlashBroker4"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
              @="{00020424-0000-0000-C000-000000000046}"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
              @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
              "Version"="1.0"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
              "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
                 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
              .
              [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
              @Denied: (A) (Users)
              @Denied: (A) (Everyone)
              @Allowed: (B 1 2 3 4 5) (S-1-5-20)
              "BlindDial"=dword:00000000
              .
              [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
              @Denied: (Full) (Everyone)
              .
              ------------------------ Other Running Processes ------------------------
              .
              c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
              c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
              c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
              c:\program files (x86)\Bonjour\mDNSResponder.exe
              c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
              c:\windows\SysWOW64\rundll32.exe
              c:\program files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe
              c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
              c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
              c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
              c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
              c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
              c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
              c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
              .
              **************************************************************************
              .
              Completion time: 2012-05-16  21:40:09 - machine was rebooted
              ComboFix-quarantined-files.txt  2012-05-17 02:40
              .
              Pre-Run: 809,660,416 bytes free
              Post-Run: 810,778,624 bytes free
              .
              - - End Of File - - 7976471AD99F785D29321106DE0288E4

              SuperDave

              • Malware Removal Specialist


              • Genius
              • Thanked: 996
              • Certifications: List
              • Experience: Expert
              • OS: Windows 8
              Re: Second opinion
              « Reply #8 on: May 17, 2012, 01:12:02 PM »
              I'd like to scan your machine with ESET OnlineScan

              • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
                ESET OnlineScan
              • Click the button.
              • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
                  • Click on to download the ESET Smart Installer. Save it to your desktop.
                  • Double click on the icon on your desktop.
              • Check
              • Click the button.
              • Accept any security warnings from your browser.
              • Check
              • Push the Start button.
              • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
              • When the scan completes, push
              • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
              • Push the button.
              • Push
              A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
              Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender

              Mustang58lx

                Topic Starter


                Rookie

                • Experience: Beginner
                • OS: Unknown
                Re: Second opinion
                « Reply #9 on: May 17, 2012, 05:50:09 PM »
                Dave, here is that log:

                C:\Program Files (x86)\Yontoo Layers\YontooIEClient.dll   Win32/Adware.Yontoo.A application   cleaned by deleting - quarantined
                C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll   a variant of Win32/Adware.Yontoo.B application   cleaned by deleting - quarantined

                SuperDave

                Re: Second opinion
                « Reply #10 on: May 18, 2012, 04:34:59 PM »
                How's the computer running now? Any other issues?

                Mustang58lx

                  Re: Second opinion
                  « Reply #11 on: May 18, 2012, 06:26:37 PM »
                  I feel that it's running good.  I don't notice any other issues.


                  SuperDave

                  Re: Second opinion
                  « Reply #12 on: May 19, 2012, 04:45:47 PM »
                  Good. Let's clean up.

                  To uninstall ComboFix

                  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
                  • In the field, type in ComboFix /uninstall


                  (Note: Make sure there's a space between the word ComboFix and the forward-slash.)

                  • Then, press Enter, or click OK.
                  • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.
                  **********************************************************
                  Clean out your temporary internet files and temp files.

                  Download TFC by OldTimer to your desktop.

                  Double-click TFC.exe to run it.

                  Note: If you are running on Vista, right-click on the file and choose Run As Administrator

                  TFC will close all programs when run, so make sure you have saved all your work before you begin.

                  * Click the Start button to begin the cleaning process.
                  * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
                  * Please let TFC run uninterrupted until it is finished.

                  Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
                  ********************************************************
                  Looking over your log it seems you don't have any evidence of a third party firewall.

                  Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

                  Remember only install ONE firewall

                  1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
                  2) Online Armor
                  3) Agnitum Outpost
                  4) PC Tools Firewall Plus

                  If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
                  **************************************************************
                  Use the Secunia Software Inspector to check for out of date software.

                  •Click Start Now

                  •Check the box next to Enable thorough system inspection.

                  •Click Start

                  •Allow the scan to finish and scroll down to see if any updates are needed.
                  •Update anything listed.
                  .
                  ----------

                  Go to Microsoft Windows Update and get all critical updates.

                  ----------

                  I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

                  SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
                  * Using SpywareBlaster to protect your computer from Spyware and Malware
                  * If you don't know what ActiveX controls are, see here

                  Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

                  Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

                  Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
                  Safe Surfing!