Jump to content

shadowex64

Members
  • Posts

    16
  • Joined

  • Last visited

Reputation

0 Neutral
  1. The thing on the full scan hasn't come up! I think it's finally gone! can i delete OTL and combofix now as well? Thank you SO much for all your help!!
  2. All processes killed ========== OTL ========== HKU\S-1-5-21-2121925346-1442831497-2744593039-1001\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ deleted successfully. C:\Program Files (x86)\Hyperionics DB Toolbar\tbcore3.dll moved successfully. C:\Users\Jora\AppData\Roaming\uTorrent\dlimagecache folder moved successfully. C:\Users\Jora\AppData\Roaming\uTorrent\apps folder moved successfully. C:\Users\Jora\AppData\Roaming\uTorrent folder moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Jora ->Temp folder emptied: 5184821 bytes ->Temporary Internet Files folder emptied: 56507953 bytes ->Java cache emptied: 1281110460 bytes ->Google Chrome cache emptied: 379604725 bytes ->Flash cache emptied: 43808 bytes User: Public ->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 3462 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 84793 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 1,643.00 mb Restore point Set: OTL Restore Point OTL by OldTimer - Version 3.2.53.0 log created on 06282012_101916 Files\Folders moved on Reboot... C:\Users\Jora\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. PendingFileRenameOperations files... File C:\Users\Jora\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found! Registry entries deleted on Reboot...
  3. OTL.txt = OTL logfile created on: 6/27/2012 6:54:46 PM - Run 1 OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Jora\Downloads 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 5.80 Gb Total Physical Memory | 4.52 Gb Available Physical Memory | 77.94% Memory free 11.61 Gb Paging File | 10.16 Gb Available in Paging File | 87.56% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 917.66 Gb Total Space | 861.86 Gb Free Space | 93.92% Space Free | Partition Type: NTFS Computer Name: JORA-PC | User Name: Jora | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/06/27 18:53:57 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Jora\Downloads\OTL.exe PRC - [2012/04/15 11:37:51 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\javaw.exe PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2010/08/20 18:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2012/05/03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011/02/25 17:34:14 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist) SRV - [2010/11/25 06:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12) SRV - [2010/11/25 06:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM) SRV - [2010/08/25 21:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU) SRV - [2010/08/20 18:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/06/05 19:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012/03/01 01:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/03/11 01:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 01:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/07/30 18:36:38 | 000,025,072 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Running] -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020101}_0) DRV:64bit: - [2010/04/01 09:47:10 | 010,322,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2010/03/19 04:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2010/02/27 10:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2010/02/04 00:38:32 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel® DRV:64bit: - [2009/10/24 07:49:46 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009/10/16 06:32:24 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink DRV:64bit: - [2009/09/17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel® DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2121925346-1442831497-2744593039-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.search.yahoo.com/?fr=w3i&type=W3i_SP,204,0_0,StartPage,20111249,16898,0,8,0 IE - HKU\S-1-5-21-2121925346-1442831497-2744593039-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.sharewareisland.com/quicksearch.aspx IE - HKU\S-1-5-21-2121925346-1442831497-2744593039-1001\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68} IE - HKU\S-1-5-21-2121925346-1442831497-2744593039-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2121925346-1442831497-2744593039-1001\..\SearchScopes\{0DBD8E16-6D4C-46F5-B2F2-7806590288C8}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20111249,6901,0,8,0 IE - HKU\S-1-5-21-2121925346-1442831497-2744593039-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jora\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jora\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Jora\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Jora\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jora\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Jora\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll CHR - Extension: YouTube = C:\Users\Jora\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google Search = C:\Users\Jora\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Gmail = C:\Users\Jora\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012/06/26 20:19:24 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Hyperionics DB Toolbar\tbcore3.dll () O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe () O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.) O4 - HKLM..\Run: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe (Dell, Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions) O4 - HKU\S-1-5-21-2121925346-1442831497-2744593039-1001..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () O4 - HKU\S-1-5-21-2121925346-1442831497-2744593039-1001..\RunOnce: [boot] C:\Users\Jora\AppData\Roaming\Dell Touch Zone\loader.jar () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2121925346-1442831497-2744593039-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2121925346-1442831497-2744593039-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1D6C2884-568F-4E9E-8DC9-7DD70C679AEF}: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CFB8C8C8-9A00-4D3F-AEAE-BA233AC6053E}: DhcpNameServer = 192.168.1.254 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/06/27 16:44:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012/06/26 20:22:18 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012/06/25 22:28:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012/06/25 22:28:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012/06/25 22:28:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012/06/25 22:26:17 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/06/25 22:25:56 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012/06/25 17:01:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/06/25 17:01:43 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/06/25 17:01:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/06/19 15:46:42 | 000,000,000 | ---D | C] -- C:\Users\Jora\jagexcache [2012/06/18 21:42:13 | 000,000,000 | ---D | C] -- C:\Users\Jora\AppData\Roaming\Malwarebytes [2012/06/18 21:41:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/06/18 13:13:41 | 000,258,520 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe [2012/06/18 13:12:18 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software [2012/06/18 13:12:18 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software [2009/07/13 15:46:19 | 000,032,064 | ---- | C] (Microsoft Corporation) -- C:\Users\Jora\AppData\Roaming\jawa.exe [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/06/27 18:35:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/06/27 18:21:34 | 000,000,024 | ---- | M] () -- C:\Users\Jora\random.dat [2012/06/27 18:19:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2121925346-1442831497-2744593039-1001UA.job [2012/06/27 18:17:49 | 000,000,043 | ---- | M] () -- C:\Users\Jora\jagex_cl_runescape_LIVE.dat [2012/06/27 17:19:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2121925346-1442831497-2744593039-1001Core.job [2012/06/27 17:01:45 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job [2012/06/27 16:51:42 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/06/27 16:51:42 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/06/27 16:44:52 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/06/27 16:44:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/06/27 16:44:11 | 378,888,191 | -HS- | M] () -- C:\hiberfil.sys [2012/06/26 21:37:00 | 000,000,048 | ---- | M] () -- C:\Users\Jora\jagex_cl_runescape_LIVE_BETA.dat [2012/06/26 20:19:24 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012/06/25 20:53:43 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif [2012/06/25 20:53:34 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/06/25 20:53:34 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/06/25 20:24:21 | 000,011,264 | ---- | M] () -- C:\Users\Jora\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/06/25 17:01:48 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/06/25 11:38:32 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat [2012/06/25 11:38:32 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat [2012/06/20 14:49:12 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2012/06/19 11:46:45 | 000,475,544 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/06/18 12:47:55 | 000,743,066 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012/06/17 14:31:54 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job [2012/06/14 15:59:48 | 000,739,906 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/06/26 21:37:00 | 000,000,048 | ---- | C] () -- C:\Users\Jora\jagex_cl_runescape_LIVE_BETA.dat [2012/06/26 21:37:00 | 000,000,024 | ---- | C] () -- C:\Users\Jora\random.dat [2012/06/25 22:28:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012/06/25 22:28:44 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012/06/25 22:28:43 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012/06/25 22:28:43 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012/06/25 22:28:43 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012/06/25 17:01:48 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/06/19 15:46:42 | 000,000,043 | ---- | C] () -- C:\Users\Jora\jagex_cl_runescape_LIVE.dat [2012/06/18 13:13:43 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt [2012/06/18 12:50:35 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif [2012/06/18 12:47:55 | 000,743,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012/01/30 16:23:33 | 000,000,012 | ---- | C] () -- C:\Users\Jora\AppData\Roaming\RuneDream_Data.ini [2012/01/22 13:30:02 | 000,011,264 | ---- | C] () -- C:\Users\Jora\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/09/15 20:22:44 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat [2011/09/15 20:22:44 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat [2011/02/25 18:55:58 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin [2011/02/25 18:55:58 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll [2011/02/25 18:55:58 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll [2011/02/25 18:55:56 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin [2011/02/25 18:55:55 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin ========== LOP Check ========== [2011/12/29 20:45:47 | 000,000,000 | ---D | M] -- C:\Users\Jora\AppData\Roaming\EnviJagex [2011/09/06 19:43:30 | 000,000,000 | ---D | M] -- C:\Users\Jora\AppData\Roaming\GetRightToGo [2011/08/05 18:23:17 | 000,000,000 | ---D | M] -- C:\Users\Jora\AppData\Roaming\Leadertech [2011/08/12 13:00:36 | 000,000,000 | ---D | M] -- C:\Users\Jora\AppData\Roaming\PCDr [2011/08/22 14:15:14 | 000,000,000 | ---D | M] -- C:\Users\Jora\AppData\Roaming\shockwave.com [2012/05/23 20:00:50 | 000,000,000 | ---D | M] -- C:\Users\Jora\AppData\Roaming\TS3Client [2012/04/01 20:21:18 | 000,000,000 | ---D | M] -- C:\Users\Jora\AppData\Roaming\uTorrent [2011/08/05 19:02:02 | 000,000,000 | ---D | M] -- C:\Users\Jora\AppData\Roaming\WildTangent [2012/06/17 14:31:54 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job [2012/05/31 17:17:45 | 000,032,588 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012/06/27 17:01:45 | 000,000,422 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:DFC5A2B2 @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:A8ADE5D8 < End of report > Extras.txt = OTL Extras logfile created on: 6/27/2012 6:54:46 PM - Run 1 OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Jora\Downloads 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 5.80 Gb Total Physical Memory | 4.52 Gb Available Physical Memory | 77.94% Memory free 11.61 Gb Paging File | 10.16 Gb Available in Paging File | 87.56% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 917.66 Gb Total Space | 861.86 Gb Free Space | 93.92% Space Free | Partition Type: NTFS Computer Name: JORA-PC | User Name: Jora | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{163FE3D1-58D8-42C8-A13C-39B1839DA22E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{1EF56FCC-260F-4B33-A1E4-F1F3695B1AE2}" = rport=137 | protocol=17 | dir=out | app=system | "{2164BEEA-7127-4091-8BC3-15B2D2A08604}" = lport=2869 | protocol=6 | dir=in | app=system | "{2A12618F-87B6-47DC-BB5C-DEF13E1654AF}" = rport=138 | protocol=17 | dir=out | app=system | "{3DDC2A03-EA55-4015-97C1-CB17A93EB787}" = rport=445 | protocol=6 | dir=out | app=system | "{51FFEF34-AD41-412D-95BC-CAB72BBDEF3C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{57F91C25-4D68-4BD0-815B-1B0D8F107E0A}" = rport=10243 | protocol=6 | dir=out | app=system | "{5A50CEA9-EBED-40DB-A102-6796DA260671}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{5F80BCC6-21A7-484F-9E31-C6EA9A24E955}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6B69897B-04C0-4FB1-B043-0C7FC00F250B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{75CA3C6D-FDDF-4B89-B9FD-DD22687BDD09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{7F88FA40-4BFE-43C2-8DE4-CA04C367B023}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{8F817A62-10BD-4ED2-8DE0-F7E170F167EE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{ACC5B3C1-E465-4FE7-B89D-9A64370FF933}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{B217DCFD-8400-4F7F-A67F-F3E45AEBEF19}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{BD09C469-401F-4054-A805-1947A3D95587}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C4E211A3-44CC-4E1B-9ECC-91AE0B235269}" = lport=10243 | protocol=6 | dir=in | app=system | "{CE66449A-C7F1-476A-AA78-2A186EC6250D}" = lport=137 | protocol=17 | dir=in | app=system | "{D87F5BE9-9263-46EE-807C-96A71C9B9DCB}" = rport=139 | protocol=6 | dir=out | app=system | "{DBE99298-E629-4418-84A3-176BECA1ECEB}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{DF6F272C-7BD6-477A-A2D9-A865FE472CAD}" = lport=139 | protocol=6 | dir=in | app=system | "{DFB82465-6CE1-44F9-9B6C-A33743A7A109}" = lport=445 | protocol=6 | dir=in | app=system | "{E47B4430-69F0-4D9E-9512-DFB715F872FF}" = lport=138 | protocol=17 | dir=in | app=system | "{EC0A4977-98B5-44A5-8C18-B41E10434CC8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{EFBFB3B5-BB8B-4965-BB72-C1FFA829AF1E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F45D66B4-9164-4063-BC62-DD5D631742C9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04D0CF32-7FF2-44A0-BAF3-C5545AE45215}" = dir=in | app=c:\program files (x86)\dell\videostage\videostage.exe | "{10FBF422-D309-4087-A2BE-EA9D1EF1C692}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{21B5E748-585E-4D56-8258-93C6B2E829F1}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{2A28D5D3-40E0-49F3-98FB-1225797F4EB3}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{3205937A-B20E-4277-9AF6-4AE48ECEEFB7}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{33A7F1FC-3770-43F1-8004-7C98720233B7}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{3575E1E4-1441-49E4-942B-C9370413F574}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{3910B126-D6E0-48B6-84B5-7562B9A2E2F2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{3A26849C-E6AB-4FED-AF78-3FAE57C9C9D3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{3E0D0037-5306-4F97-B4CD-F431D5CB5357}" = protocol=6 | dir=out | app=system | "{44BE6BE0-F772-4571-B5B0-03B8903FCF53}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{57633BF4-7DDF-4BD2-8B37-9B167733B2D9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{598AAFFF-E7FF-4808-8D6B-0A440DA6FDF1}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{6CF993BB-A763-4DAF-9437-84E679EAD9EF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{7102A8B2-3AC6-4A8F-AED0-DFE06655A221}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{74BDB6E5-04AC-4A06-BE87-9BD9F2C05425}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{76D1A444-F4A6-49B5-97C8-540CE6E91777}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{770AF863-A706-4319-B55C-D8AA7CCD8CC3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{77E8F322-1C75-44C7-A646-7D9576A6F45E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{7A05E505-5617-461C-9CE6-254D0A7DAE3D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{7CE69DC9-6764-4FE0-B763-BBEA85CA6985}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{7D896614-CABD-4DB4-8C77-46C37352F2A4}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{81D4CB5F-4650-4783-8533-3BE6B8F14C76}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{88D6A6A5-F1BE-4E31-A273-150AE186130E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{89ADDBD9-900F-482E-AE72-D4B849EFCA53}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8CBA296F-AC91-444E-8A23-34BF98E82418}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{8CD6CF4B-F7B0-4938-A56C-98FFA534E094}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{8FEC986F-8382-47BF-95A3-168BDF606894}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{93C72327-751D-4602-A947-38BD56A4DDCB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{A7D2F180-9FB0-43DC-BAB9-A0877EB114FF}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{BFCAED60-FA33-4E5A-BFE1-63E2A493F9E7}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{C41F073D-ABD5-4D7A-8979-82D7D836F946}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{EE12F363-8F0F-4595-A95B-10B43C74A4C0}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{F0A27CD8-E716-4A20-B843-76CBB76C80CA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{FAC7D99D-17E5-42BF-BAD9-44AC4A210D3B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup "{64A3A4F4-B792-11D6-A78A-00B0D0170000}" = Java SE Development Kit 7 (64-bit) "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Dell Support Center" = Dell Support Center "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "WinRAR archiver" = WinRAR 4.01 (64-bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{23B4636C-A780-4FEB-B4C9-A2564E9B9F7C}" = Multimedia Card Reader "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31 "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{2A0F2CC5-3065-492C-8380-B03AA7106B1A}" = Dell Product Registration "{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{3E8A1ADF-B72C-47FE-85F6-F7A73C487F6C}" = Dell MusicStage "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide "{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007 "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AA31EA7B-7917-4000-949B-38E91F848A25}" = Internet Explorer "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.2 "{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime "{C0E8FE43-C35B-451D-B35F-D4BD056D70E7}" = Camtasia Studio 7 "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C9815885-6775-46D8-8B67-30214ECF83C3}" = Dell Stage "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9 "{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter "{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "ENTERPRISER" = Microsoft Office Enterprise 2007 "GoToAssist" = GoToAssist 8.0.0.514 "InstallShield_{23B4636C-A780-4FEB-B4C9-A2564E9B9F7C}" = Multimedia Card Reader "InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400 "Red Eclipse" = Red Eclipse "Security Task Manager" = Security Task Manager 1.8d "WildTangent dell Master Uninstall" = WildTangent Games "WinLiveSuite" = Windows Live Essentials ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2121925346-1442831497-2744593039-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "TeamSpeak 3 Client" = TeamSpeak 3 Client ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 6/20/2012 2:30:05 AM | Computer Name = Jora-PC | Source = Microsoft-Windows-CAPI2 | ID = 513 Description = Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary aswKbd. System Error: The system cannot find the file specified. . Error - 6/20/2012 2:30:05 AM | Computer Name = Jora-PC | Source = Microsoft-Windows-CAPI2 | ID = 513 Description = Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary aswMonFlt. System Error: The system cannot find the file specified. . Error - 6/20/2012 2:30:05 AM | Computer Name = Jora-PC | Source = Microsoft-Windows-CAPI2 | ID = 513 Description = Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary avast! Firewall Core Firewall Service. System Error: The system cannot find the file specified. . Error - 6/20/2012 2:30:05 AM | Computer Name = Jora-PC | Source = Microsoft-Windows-CAPI2 | ID = 513 Description = Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary aswRdr. System Error: The system cannot find the file specified. . Error - 6/20/2012 2:30:05 AM | Computer Name = Jora-PC | Source = Microsoft-Windows-CAPI2 | ID = 513 Description = Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary aswSnx. System Error: The system cannot find the file specified. . Error - 6/20/2012 2:30:05 AM | Computer Name = Jora-PC | Source = Microsoft-Windows-CAPI2 | ID = 513 Description = Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary aswSP. System Error: The system cannot find the file specified. . Error - 6/20/2012 2:30:05 AM | Computer Name = Jora-PC | Source = Microsoft-Windows-CAPI2 | ID = 513 Description = Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary avast! Network Shield Support. System Error: The system cannot find the file specified. . Error - 6/20/2012 2:00:10 PM | Computer Name = Jora-PC | Source = PC-Doctor | ID = 1 Description = (2520) Asapi: (13:00:10:0070)(2520) libAsapi.DynamicLoadedPlugin - Error -- 64 Unable to load library 'S3LogPusher.dll' Error - 6/20/2012 2:00:10 PM | Computer Name = Jora-PC | Source = PC-Doctor | ID = 1 Description = (2520) Asapi: (13:00:10:0380)(2520) Asapi.State - Error -- 123 Plugin S3LogPusher.dll failed to load. Error - 6/20/2012 3:55:45 PM | Computer Name = Jora-PC | Source = McLogEvent | ID = 5051 Description = [ Dell Events ] Error - 8/5/2011 7:29:59 PM | Computer Name = Jora-PC | Source = DataSafe | ID = 17 Description = The process was interrupted before completion. Error - 8/5/2011 7:30:00 PM | Computer Name = Jora-PC | Source = DataSafe | ID = 17 Description = The process was interrupted before completion. Error - 8/5/2011 9:39:48 PM | Computer Name = Jora-PC | Source = DataSafe | ID = 17 Description = The process was interrupted before completion. Error - 8/5/2011 9:39:48 PM | Computer Name = Jora-PC | Source = DataSafe | ID = 17 Description = The process was interrupted before completion. Error - 11/20/2011 10:39:41 PM | Computer Name = Jora-PC | Source = DataSafe | ID = 17 Description = The process was interrupted before completion. [ System Events ] Error - 6/25/2012 11:43:12 PM | Computer Name = Jora-PC | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 6/25/2012 11:44:06 PM | Computer Name = Jora-PC | Source = Service Control Manager | ID = 7023 Description = The Windows Defender service terminated with the following error: %%126 Error - 6/26/2012 9:00:46 PM | Computer Name = Jora-PC | Source = VDS Basic Provider | ID = 33554433 Description = Error - 6/26/2012 9:00:46 PM | Computer Name = Jora-PC | Source = VDS Basic Provider | ID = 33554433 Description = Error - 6/26/2012 9:10:05 PM | Computer Name = Jora-PC | Source = Service Control Manager | ID = 7000 Description = The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: %%31 Error - 6/26/2012 9:16:21 PM | Computer Name = Jora-PC | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 6/26/2012 9:18:21 PM | Computer Name = Jora-PC | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 6/26/2012 9:19:03 PM | Computer Name = Jora-PC | Source = Service Control Manager | ID = 7023 Description = The Windows Defender service terminated with the following error: %%126 Error - 6/26/2012 9:20:05 PM | Computer Name = Jora-PC | Source = Service Control Manager | ID = 7000 Description = The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: %%31 Error - 6/26/2012 9:30:03 PM | Computer Name = Jora-PC | Source = Service Control Manager | ID = 7000 Description = The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: %%31 < End of report >
  4. Yes when it finished it opens this and i do control a and control c to get all of it. It says the log is located at the c:/combofix.txt but dont know where that is. Also, my antimalaware has like 3 days left. does that mean after that it's gone?
  5. ComboFix 12-06-26.02 - Jora 06/26/2012 20:13:52.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5943.4423 [GMT -5:00] Running from: c:\users\Jora\Downloads\ComboFix.exe Command switches used :: c:\users\Jora\Downloads\CFScript.txt SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2012-05-27 to 2012-06-27 ))))))))))))))))))))))))))))))) . . 2012-06-27 01:18 . 2012-06-27 01:18 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-06-27 01:18 . 2012-06-27 01:18 -------- d-----w- c:\users\Administrator\AppData\Local\temp 2012-06-25 22:01 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-25 22:01 . 2012-06-25 22:01 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-06-19 20:46 . 2012-06-19 20:46 -------- d-----w- c:\users\Jora\jagexcache 2012-06-19 18:35 . 2012-02-23 15:18 279656 ------w- c:\windows\system32\MpSigStub.exe 2012-06-19 03:43 . 2012-06-19 03:43 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help 2012-06-19 02:42 . 2012-06-19 02:42 -------- d-----w- c:\users\Jora\AppData\Roaming\Malwarebytes 2012-06-19 02:41 . 2012-06-19 02:41 -------- d-----w- c:\programdata\Malwarebytes 2012-06-18 22:50 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-18 22:50 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-18 22:50 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-18 22:50 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-18 22:50 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-18 22:50 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-18 22:50 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-18 22:50 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-18 22:50 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-18 18:13 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe 2012-06-18 18:12 . 2012-06-21 00:43 -------- d-----w- c:\programdata\AVAST Software 2012-06-18 18:12 . 2012-06-20 19:48 -------- d-----w- c:\program files\AVAST Software 2012-06-18 17:46 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys 2012-06-14 20:20 . 2012-05-04 16:52 5473136 ----a-w- c:\windows\system32\ntoskrnl.exe . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-04-15 16:37 . 2011-02-25 22:32 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-03-30 11:09 . 2012-05-08 19:36 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys . . ((((((((((((((((((((((((((((( SnapShot@2012-06-26_03.44.35 ))))))))))))))))))))))))))))))))))))))))) . + 2011-02-25 23:03 . 2012-06-27 01:02 48312 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-06-27 01:02 30842 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2011-08-06 01:25 . 2012-06-27 01:02 18764 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2121925346-1442831497-2744593039-1001_UserData.bin - 2011-08-06 01:25 . 2012-06-25 22:00 18764 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2121925346-1442831497-2744593039-1001_UserData.bin + 2011-08-05 22:12 . 2012-06-27 01:00 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2011-08-05 22:12 . 2012-06-26 00:08 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2011-08-05 22:12 . 2012-06-26 00:08 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2011-08-05 22:12 . 2012-06-27 01:00 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2012-06-26 00:08 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2012-06-27 01:00 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2011-08-06 01:45 . 2012-06-26 03:45 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2011-08-06 01:45 . 2012-06-27 01:19 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 04:46 . 2012-06-26 03:51 80352 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat - 2011-08-06 01:45 . 2012-06-26 03:45 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2011-08-06 01:45 . 2012-06-27 01:19 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2011-08-06 01:45 . 2012-06-27 01:19 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2011-08-06 01:45 . 2012-06-26 03:45 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2011-08-05 23:34 . 2012-06-26 03:45 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2011-08-05 23:34 . 2012-06-27 01:19 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2011-08-05 23:34 . 2012-06-27 01:19 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2011-08-05 23:34 . 2012-06-26 03:45 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2012-06-26 03:43 . 2012-06-26 03:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-06-27 01:18 . 2012-06-27 01:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-06-27 01:18 . 2012-06-27 01:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2012-06-26 03:43 . 2012-06-26 03:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-09-25 3077528] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-05-03 17355912] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Boot"="c:\users\Jora\AppData\Roaming\Dell Touch Zone\loader.jar" [2012-06-26 81049] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "Dell Registration"="c:\program files (x86)\System Registration\prodreg.exe" [2010-11-10 4144448] "Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528] "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 0270071340759405mcinstcleanup;McAfee Application Installer Cleanup (0270071340759405);c:\users\Jora\AppData\Local\Temp\027007~1.EXE [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-08 136176] R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-08 136176] R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976] R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2010-07-30 25072] R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-06 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-04 271872] S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-10-16 321064] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904] . . Contents of the 'Scheduled Tasks' folder . 2012-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-08 00:20] . 2012-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-08 00:20] . 2012-06-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2121925346-1442831497-2744593039-1001Core.job - c:\users\Jora\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-05 23:54] . 2012-06-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2121925346-1442831497-2744593039-1001UA.job - c:\users\Jora\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-05 23:54] . 2012-06-17 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - c:\program files\Dell Support Center\uaclauncher.exe [2010-08-05 23:47] . 2012-06-27 c:\windows\Tasks\SystemToolsDailyTest.job - c:\program files\Dell Support Center\pcdrcui.exe [2010-08-05 23:47] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-09 10060832] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-07 166424] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-07 391192] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-07 413720] "DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2010-10-29 4775176] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.search.yahoo.com/?fr=w3i&type=W3i_SP,204,0_0,StartPage,20111249,16898,0,8,0 mLocal Page = c:\windows\SysWOW64\blank.htm uSearchAssistant = hxxp://www.sharewareisland.com/quicksearch.aspx IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.254 . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0] "ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Java\jre6\bin\javaw.exe . ************************************************************************** . Completion time: 2012-06-26 20:22:16 - machine was rebooted ComboFix-quarantined-files.txt 2012-06-27 01:22 ComboFix2.txt 2012-06-26 03:52 . Pre-Run: 926,198,624,256 bytes free Post-Run: 926,033,076,224 bytes free . - - End Of File - - EEC5AAA720F04E5E571F93D6FE8CAEAE This is the thing that opened on notepad when it finished running? I don't know where to find c:/combofix.txt
  6. ComboFix 12-06-25.05 - Jora 06/25/2012 22:30:21.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5943.4392 [GMT -5:00] Running from: c:\users\Jora\Downloads\ComboFix.exe AV: McAfee VirusScan *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} FW: McAfee Personal Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} SP: McAfee VirusScan *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Resident AV is active . . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\Hyperionics DB Toolbar\tbHElper.dll c:\users\Jora\AppData\Local\Minibar c:\users\Jora\AppData\Local\Minibar\chrome\background.html c:\users\Jora\AppData\Local\Minibar\chrome\cached_http_request.js c:\users\Jora\AppData\Local\Minibar\chrome\extension_info.json c:\users\Jora\AppData\Local\Minibar\chrome\icons\icon128.png c:\users\Jora\AppData\Local\Minibar\chrome\icons\icon19.png c:\users\Jora\AppData\Local\Minibar\chrome\icons\icon32.png c:\users\Jora\AppData\Local\Minibar\chrome\icons\icon48.png c:\users\Jora\AppData\Local\Minibar\chrome\includes\content.js c:\users\Jora\AppData\Local\Minibar\chrome\includes\content_kango.js c:\users\Jora\AppData\Local\Minibar\chrome\includes\content_messaging.js c:\users\Jora\AppData\Local\Minibar\chrome\includes\content_userscript.js c:\users\Jora\AppData\Local\Minibar\chrome\kango-ui\button.js c:\users\Jora\AppData\Local\Minibar\chrome\kango-ui\ui.js c:\users\Jora\AppData\Local\Minibar\chrome\kango\browser.js c:\users\Jora\AppData\Local\Minibar\chrome\kango\console.js c:\users\Jora\AppData\Local\Minibar\chrome\kango\event_listener.js c:\users\Jora\AppData\Local\Minibar\chrome\kango\initialize.js c:\users\Jora\AppData\Local\Minibar\chrome\kango\io.js c:\users\Jora\AppData\Local\Minibar\chrome\kango\jsonstorage.js c:\users\Jora\AppData\Local\Minibar\chrome\kango\kango.js c:\users\Jora\AppData\Local\Minibar\chrome\kango\lang.js c:\users\Jora\AppData\Local\Minibar\chrome\kango\messaging.js c:\users\Jora\AppData\Local\Minibar\chrome\kango\userscript_engine.js c:\users\Jora\AppData\Local\Minibar\chrome\kango\xhr.js c:\users\Jora\AppData\Local\Minibar\chrome\main.js c:\users\Jora\AppData\Local\Minibar\chrome\manifest.json c:\users\Jora\AppData\Local\Minibar\chrome\minibar\actions.js c:\users\Jora\AppData\Local\Minibar\chrome\minibar\cachedxhr.js c:\users\Jora\AppData\Local\Minibar\chrome\minibar\config.js c:\users\Jora\AppData\Local\Minibar\chrome\minibar\macros.js c:\users\Jora\AppData\Local\Minibar\chrome\minibar\minibar.js c:\users\Jora\AppData\Local\Minibar\chrome\popup.html c:\users\Jora\AppData\Local\Minibar\chrome\popup.js c:\users\Jora\AppData\Local\Minibar\chrome\tab.html c:\users\Jora\AppData\Local\Minibar\chrome\tab.js c:\users\Jora\AppData\Local\Minibar\chrome_installer.js c:\users\Jora\AppData\Local\Minibar\common.js c:\users\Jora\AppData\Local\Minibar\install.json c:\users\Jora\AppData\Local\Minibar\minibar.crx c:\users\Jora\AppData\Local\Minibar\sqlite3.exe c:\users\Jora\AppData\Local\Minibar\Uninstall.exe . . ((((((((((((((((((((((((( Files Created from 2012-05-26 to 2012-06-26 ))))))))))))))))))))))))))))))) . . 2012-06-26 03:43 . 2012-06-26 03:43 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-06-25 22:01 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-25 22:01 . 2012-06-25 22:01 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-06-19 20:46 . 2012-06-19 20:46 -------- d-----w- c:\users\Jora\jagexcache 2012-06-19 18:35 . 2012-02-23 15:18 279656 ------w- c:\windows\system32\MpSigStub.exe 2012-06-19 03:43 . 2012-06-19 03:43 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help 2012-06-19 02:42 . 2012-06-19 02:42 -------- d-----w- c:\users\Jora\AppData\Roaming\Malwarebytes 2012-06-19 02:41 . 2012-06-19 02:41 -------- d-----w- c:\programdata\Malwarebytes 2012-06-18 22:50 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-18 22:50 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-18 22:50 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-18 22:50 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-18 22:50 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-18 22:50 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-18 22:50 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-18 22:50 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-18 22:50 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-18 18:13 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe 2012-06-18 18:12 . 2012-06-21 00:43 -------- d-----w- c:\programdata\AVAST Software 2012-06-18 18:12 . 2012-06-20 19:48 -------- d-----w- c:\program files\AVAST Software 2012-06-18 17:46 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys 2012-06-14 20:20 . 2012-05-04 16:52 5473136 ----a-w- c:\windows\system32\ntoskrnl.exe . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-18 08:12 . 2012-06-26 02:10 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FD33F35A-F04D-4502-B552-C4FB8058CE14}\mpengine.dll 2012-04-15 16:37 . 2011-02-25 22:32 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-03-30 11:09 . 2012-05-08 19:36 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-09-25 3077528] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-05-03 17355912] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Boot"="c:\users\Jora\AppData\Roaming\Dell Touch Zone\loader.jar" [2012-06-26 81049] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-06-28 1486392] "Dell Registration"="c:\program files (x86)\System Registration\prodreg.exe" [2010-11-10 4144448] "Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528] "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-08 136176] R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-08 136176] R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x] R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2010-07-30 25072] R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2010-03-10 355440] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x] S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2010-03-10 355440] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-04-14 245352] S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-04-14 149032] S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472] S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x] S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x] . . --- Other Services/Drivers In Memory --- . *Deregistered* - mfeavfk01 . Contents of the 'Scheduled Tasks' folder . 2012-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-08 00:20] . 2012-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-08 00:20] . 2012-06-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2121925346-1442831497-2744593039-1001Core.job - c:\users\Jora\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-05 23:54] . 2012-06-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2121925346-1442831497-2744593039-1001UA.job - c:\users\Jora\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-05 23:54] . 2012-06-17 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - c:\program files\Dell Support Center\uaclauncher.exe [2010-08-05 23:47] . 2012-06-25 c:\windows\Tasks\SystemToolsDailyTest.job - c:\program files\Dell Support Center\pcdrcui.exe [2010-08-05 23:47] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-09 10060832] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-07 166424] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-07 391192] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-07 413720] "DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2010-10-29 4775176] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.search.yahoo.com/?fr=w3i&type=W3i_SP,204,0_0,StartPage,20111249,16898,0,8,0 mLocal Page = c:\windows\SysWOW64\blank.htm uSearchAssistant = hxxp://www.sharewareisland.com/quicksearch.aspx IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.254 . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Toolbar-Locked - (no file) AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0] "ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Java\jre6\bin\javaw.exe . ************************************************************************** . Completion time: 2012-06-25 22:52:04 - machine was rebooted ComboFix-quarantined-files.txt 2012-06-26 03:52 . Pre-Run: 926,361,149,440 bytes free Post-Run: 926,336,327,680 bytes free . - - End Of File - - 26E2240B47D8B29F3EA36364A976A58F Can i delete this combofix and turn protection on malaware ?
  7. Ok now the site is working, I'll download it now
  8. I removed microsoft security essentials and freeze.com and hyperionics and I turned auto protection on anti-malaware . (don't know how to turn it off now lol, the protection module is on and is faded so i can't click it off). But, as for the link, when i go there and click download it redirects me to a site that says this follow, "There appears to be an error with the application You can try to refresh the page by clicking here, if this does not fix the error, you can contact the board administrator by clicking here We apologise for any inconvenience" Don't know what to do there though.
  9. Malwarebytes Anti-Malware (Trial) 1.61.0.1400 www.malwarebytes.org Database version: v2012.06.25.09 Windows 7 x64 NTFS Internet Explorer 8.0.7600.16385 Jora :: JORA-PC [administrator] Protection: Disabled 6/25/2012 5:43:57 PM mbam-log-2012-06-25 (17-43-57).txt Scan type: Full scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 394773 Time elapsed: 55 minute(s), 46 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 8/5/2011 6:19:53 PM System Uptime: 6/25/2012 4:58:12 PM (1 hours ago) . Motherboard: Dell Inc. | | 0C2KJT Processor: Intel® Core i5 CPU 650 @ 3.20GHz | CPU 1 | 3201/133mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 918 GiB total, 862.044 GiB free. D: is CDROM () E: is Removable F: is Removable G: is Removable H: is Removable . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: Microsoft Virtual WiFi Miniport Adapter Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&388DE88E&0&01 Manufacturer: Microsoft Name: Microsoft Virtual WiFi Miniport Adapter PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&388DE88E&0&01 Service: vwifimp . ==== System Restore Points =================== . RP148: 6/19/2012 3:36:52 PM - avast! Internet Security Setup RP149: 6/20/2012 1:30:00 AM - Windows Update RP150: 6/20/2012 2:48:07 PM - avast! Internet Security Setup RP151: 6/20/2012 7:40:53 PM - avast! Internet Security Setup RP152: 6/22/2012 8:27:05 PM - Installed Dell MusicStage RP153: 6/23/2012 5:01:25 PM - Windows Update RP154: 6/24/2012 7:00:14 PM - Windows Backup . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) Ad-Aware Adobe Flash Player 10 ActiveX Adobe Reader 9.1.2 Adobe Shockwave Player 11.6 Camtasia Studio 7 Consumer In-Home Service Agreement D3DX10 Dell DataSafe Local Backup Dell DataSafe Local Backup - Support Software Dell DataSafe Online Dell Getting Started Guide Dell MusicStage Dell PhotoStage Dell Product Registration Dell Stage Dell VideoStage DirectX 9 Runtime Freeze.com NetAssistant Google Chrome Google Earth Google Update Helper GoToAssist 8.0.0.514 Hyperionics DB Toolbar Intel® Graphics Media Accelerator Driver Internet Explorer Java Auto Updater Java 6 Update 31 Junk Mail filter update Malwarebytes Anti-Malware version 1.61.0.1400 McAfee Security Center McAfee Security Scan Plus Mesh Runtime Messenger Companion Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office 2010 Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Multimedia Card Reader NetAssistant Pando Media Booster PhotoShowExpress Realtek High Definition Audio Driver Red Eclipse Roxio Activation Module Roxio BackOnTrack Roxio Burn Roxio Creator Starter Roxio Express Labeler 3 Security Task Manager 1.8d Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition Skype Toolbars Skype™ 5.9 Sonic CinePlayer Decoder Pack swMSM TeamSpeak 3 Client Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office Access 2007 Help (KB963663) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Infopath 2007 Help (KB963662) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) WildTangent Games Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Messenger Companion Core Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources . ==== Event Viewer Messages From Past Week ======== . 6/25/2012 4:58:38 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: D@01010004 6/20/2012 7:34:13 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HomeGroupListener service. 6/20/2012 7:33:43 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service. 6/20/2012 6:42:51 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WPDBusEnum service. 6/20/2012 6:42:21 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service. 6/20/2012 6:41:51 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the UxSms service. 6/20/2012 6:41:21 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service. 6/20/2012 6:40:51 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service. 6/20/2012 6:40:21 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service. 6/20/2012 6:39:51 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MsMpSvc service. 6/20/2012 6:39:21 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the McNaiAnn service. 6/20/2012 6:38:51 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the mcmscsvc service. 6/20/2012 6:38:21 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the McMPFSvc service. 6/20/2012 3:11:33 PM, Error: Service Control Manager [7031] - The McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service. 6/20/2012 3:11:32 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions. 6/20/2012 3:10:51 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service. 6/20/2012 3:01:53 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect. 6/19/2012 3:32:28 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly. 6/19/2012 11:47:24 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Lavasoft Ad-Aware Service service to connect. 6/19/2012 11:47:24 AM, Error: Service Control Manager [7000] - The Lavasoft Ad-Aware Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 6/18/2012 9:01:20 PM, Error: Service Control Manager [7031] - The McShield service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service. 6/18/2012 6:01:58 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswFW aswKbd aswRdr aswSnx aswSP aswTdi DfsC discache mfehidk mfenlfk MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf 6/18/2012 6:01:58 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 6/18/2012 6:01:58 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 6/18/2012 6:01:58 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 6/18/2012 6:01:58 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 6/18/2012 6:01:58 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 6/18/2012 6:01:58 PM, Error: Service Control Manager [7001] - The McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start. 6/18/2012 6:01:58 PM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning. 6/18/2012 6:01:58 PM, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start. 6/18/2012 6:01:58 PM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The dependency service or group failed to start. 6/18/2012 6:01:58 PM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start. 6/18/2012 6:01:58 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 6/18/2012 6:01:56 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 6/18/2012 6:01:56 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning. 6/18/2012 6:01:56 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 6/18/2012 6:01:56 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 6/18/2012 5:57:42 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. 6/18/2012 1:51:30 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 6/18/2012 1:51:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F} 6/18/2012 1:51:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF} 6/18/2012 1:50:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40} 6/18/2012 1:48:30 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start. 6/18/2012 1:46:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 6/18/2012 1:46:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 6/18/2012 1:46:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 6/18/2012 1:46:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 6/18/2012 1:46:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 6/18/2012 1:46:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 6/18/2012 1:36:37 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the McAfee Personal Firewall Service service to connect. 6/18/2012 1:36:37 PM, Error: Service Control Manager [7000] - The McAfee Personal Firewall Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 6/18/2012 1:34:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service SkypeUpdate with arguments "/ComService" in order to run the server: {CC957078-B838-47C4-A7CF-626E7A82FC58} 6/18/2012 1:29:36 PM, Error: Service Control Manager [7022] - The McAfee Network Agent service hung on starting. 6/18/2012 1:27:31 PM, Error: Service Control Manager [7022] - The McAfee VirusScan Announcer service hung on starting. . ==== End Of File =========================== (that was attach) . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 8.0.7600.16385 Run by Jora at 17:47:10 on 2012-06-25 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5943.3795 [GMT -5:00] . AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116} AV: McAfee VirusScan *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} SP: McAfee VirusScan *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB} FW: McAfee Personal Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS c:\Program Files\Microsoft Security Client\MsMpEng.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\System32\rundll32.exe C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe C:\Windows\system32\conhost.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files (x86)\McAfee Security Scan\3.0.271\SSScheduler.exe C:\Program Files (x86)\Java\jre6\bin\javaw.exe C:\Program Files\mcafee.com\agent\mcagent.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\DllHost.exe C:\Windows\system32\wuauclt.exe C:\Windows\system32\svchost.exe -k SDRSVC C:\Users\Jora\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Jora\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Jora\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Jora\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\SysWOW64\rundll32.exe C:\Users\Jora\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Jora\AppData\Local\Google\Chrome\Application\chrome.exe C:\PROGRA~2\Java\jre6\bin\jp2launcher.exe C:\Program Files (x86)\Java\jre6\bin\java.exe C:\Windows\system32\conhost.exe C:\Users\Jora\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.search.yahoo.com/?fr=w3i&type=W3i_SP,204,0_0,StartPage,20111249,16898,0,8,0 uSearchAssistant = hxxp://www.sharewareisland.com/quicksearch.aspx uURLSearchHooks: NetAssistant: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - C:\Program Files (x86)\Freeze.com\NetAssistant\NetAssistant.dll mWinlogon: Userinit=userinit.exe, BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110807170127.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: NetAssistant: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - C:\Program Files (x86)\Freeze.com\NetAssistant\NetAssistant.dll BHO: SMTTB2009 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - C:\Program Files (x86)\Hyperionics DB Toolbar\tbcore3.dll TB: Hyperionics DB Toolbar: {338b4dfe-2e2c-4338-9e41-e176d497299e} - C:\Program Files (x86)\Hyperionics DB Toolbar\tbcore3.dll uRun: [Google Update] "C:\Users\Jora\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun uRunOnce: [boot] C:\Users\Jora\AppData\Roaming\Dell Touch Zone\loader.jar mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey mRun: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe mRun: [<NO NAME>] mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe" mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.271\SSScheduler.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab TCP: DhcpNameServer = 192.168.1.254 TCP: Interfaces\{1D6C2884-568F-4E9E-8DC9-7DD70C679AEF} : DhcpNameServer = 192.168.1.254 TCP: Interfaces\{CFB8C8C8-9A00-4D3F-AEAE-BA233AC6053E} : DhcpNameServer = 192.168.1.254 TCP: Interfaces\{CFB8C8C8-9A00-4D3F-AEAE-BA233AC6053E}\34943534F4 : DhcpNameServer = 68.94.156.1 68.94.157.1 TCP: Interfaces\{CFB8C8C8-9A00-4D3F-AEAE-BA233AC6053E}\34963736F60333630373 : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{CFB8C8C8-9A00-4D3F-AEAE-BA233AC6053E}\C4F65746341647 : DhcpNameServer = 192.168.1.254 TCP: Interfaces\{CFB8C8C8-9A00-4D3F-AEAE-BA233AC6053E}\C4F65746341647D27657563747 : DhcpNameServer = 192.168.1.254 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110807170127.dll BHO-X64: scriptproxy - No File BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO-X64: SkypeIEPluginBHO - No File BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO-X64: NetAssistant: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files (x86)\Freeze.com\NetAssistant\NetAssistant.dll BHO-X64: NetAssistantBHO - No File BHO-X64: SMTTB2009 Class: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Hyperionics DB Toolbar\tbcore3.dll BHO-X64: SMTTB2009 - No File TB-X64: Hyperionics DB Toolbar: {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\Hyperionics DB Toolbar\tbcore3.dll mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey mRun-x64: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe mRun-x64: [(Default)] mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRunOnce-x64: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe" mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll . ============= SERVICES / DRIVERS =============== . R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?] R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?] R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?] R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?] R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?] R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-8-18 2152152] R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-8-7 355440] R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-8-7 355440] R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-8-7 355440] R2 McShield;McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2011-2-25 200056] R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2011-2-25 245352] R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe [2011-2-25 149032] R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000] R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-2-25 689472] R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?] R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?] R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?] R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?] R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2011-9-12 17152] R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?] R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-7 136176] S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-5-3 158856] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-7 136176] S3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?] S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.271\McCHSvc.exe [2012-3-13 237272] S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?] S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?] S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696] S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2010-7-30 25072] S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-8-7 355440] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2012-06-25 22:05:28 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{031837D4-F5FA-4F67-8B96-55B742DC7970}\offreg.dll 2012-06-25 22:01:43 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-06-25 22:01:42 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-06-25 16:48:51 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{031837D4-F5FA-4F67-8B96-55B742DC7970}\mpengine.dll 2012-06-23 22:02:14 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-06-19 20:46:42 -------- d-----w- C:\Users\Jora\jagexcache 2012-06-19 18:35:31 279656 ------w- C:\Windows\System32\MpSigStub.exe 2012-06-19 02:42:13 -------- d-----w- C:\Users\Jora\AppData\Roaming\Malwarebytes 2012-06-19 02:41:44 -------- d-----w- C:\ProgramData\Malwarebytes 2012-06-18 22:50:50 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2012-06-18 22:50:28 99840 ----a-w- C:\Windows\System32\wudriver.dll 2012-06-18 22:50:01 36864 ----a-w- C:\Windows\System32\wuapp.exe 2012-06-18 22:50:01 186752 ----a-w- C:\Windows\System32\wuwebv.dll 2012-06-18 18:12:18 -------- d-----w- C:\ProgramData\AVAST Software 2012-06-18 18:12:18 -------- d-----w- C:\Program Files\AVAST Software 2012-06-18 18:03:01 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{75B21E1C-B618-4848-86AD-0C994634A8B4}\gapaengine.dll 2012-06-18 17:47:41 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client 2012-06-18 17:47:23 -------- d-----w- C:\Program Files\Microsoft Security Client 2012-06-18 17:46:50 374664 ----a-w- C:\Windows\System32\drivers\netio.sys 2012-06-18 17:38:14 -------- d-----w- C:\ProgramData\McAfee Security Scan 2012-06-18 17:38:07 -------- d-----w- C:\Program Files (x86)\McAfee Security Scan 2012-06-14 20:20:30 5473136 ----a-w- C:\Windows\System32\ntoskrnl.exe . ==================== Find3M ==================== . 2012-05-15 03:56:59 1197568 ----a-w- C:\Windows\System32\wininet.dll 2012-05-15 03:08:48 981504 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-05-15 01:32:20 3144192 ----a-w- C:\Windows\System32\win32k.sys 2012-05-04 10:03:46 3970928 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:03:46 3915632 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-05-02 05:32:43 208896 ----a-w- C:\Windows\System32\profsvc.dll 2012-04-28 03:50:40 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2012-04-26 05:34:38 76288 ----a-w- C:\Windows\System32\rdpwsx.dll 2012-04-26 05:34:37 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll 2012-04-26 05:28:32 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe 2012-04-24 05:59:45 182272 ----a-w- C:\Windows\System32\cryptsvc.dll 2012-04-24 05:59:45 1460224 ----a-w- C:\Windows\System32\crypt32.dll 2012-04-24 05:59:45 140288 ----a-w- C:\Windows\System32\cryptnet.dll 2012-04-24 04:47:04 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2012-04-24 04:47:04 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2012-04-24 04:47:03 1156608 ----a-w- C:\Windows\SysWow64\crypt32.dll 2012-04-20 06:22:18 57856 ----a-w- C:\Windows\System32\licmgr10.dll 2012-04-20 05:05:47 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll 2012-04-20 05:00:31 482816 ----a-w- C:\Windows\System32\html.iec 2012-04-20 04:15:04 1638912 ----a-w- C:\Windows\System32\mshtml.tlb 2012-04-20 03:58:07 386048 ----a-w- C:\Windows\SysWow64\html.iec 2012-04-20 03:24:18 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-04-15 16:37:50 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-04-07 12:18:36 3213824 ----a-w- C:\Windows\System32\msi.dll 2012-04-07 11:34:37 2342400 ----a-w- C:\Windows\SysWow64\msi.dll 2012-03-30 11:09:53 1895280 ----a-w- C:\Windows\System32\drivers\tcpip.sys . ============= FINISH: 17:48:08.12 =============== Don't know if this is a coincidence or not but the file does not appear now after I do a full scan! I think it's finally gone!!
  10. Thanks again btw and sorry ill stop bumping lol you've been a great help already!
  11. Ok the full scan will take an hour or a bit more so ill post when it's done!
  12. Malwarebytes Anti-Malware (Trial) 1.61.0.1400 www.malwarebytes.org Database version: v2012.06.25.09 Windows 7 x64 NTFS Internet Explorer 8.0.7600.16385 Jora :: JORA-PC [administrator] Protection: Disabled 6/25/2012 5:03:22 PM mbam-log-2012-06-25 (17-03-22).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 223000 Time elapsed: 5 minute(s), Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) However, when i do a full scan for like 1 1/2 hours-2 hours then it detects the malware.trace. not in quick scan. but when i do a full scan on microsoft security essentials, there's nothing! What's this mean?
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.