ebailey810

I received a call from someone saying he was from Windows and there is an infection in our centralized server. He asked me to RUN: eventvwr and indeed there are some 19,000 events with many warnings and errors listed in the Local log. He wanted to connect to my computer remotely. I have no idea if he really is with windows or not or if I do have an infection. Can you advise please?

Thank you so much! I did both and so far so good. Really appreciate your time!!

Hi. When I try to go to youtube my screen goes black and then blue screen and then crashes and mini dump. Can someone help. I have already tried system restore which did not work. WhoCrashed Report: On Mon 5/6/2013 5:15:03 PM GMT your computer crashed crash dump file: C:\Windows\Minidump\050613-16224-01.dmp This was probably caused by the following module: atikmpag.sys (atikmpag+0x6C08) Bugcheck code: 0x116 (0xFFFFFA80075804E0, 0xFFFFF8800420DC08, 0x0, 0x2) Error: VIDEO_TDR_ERROR file path: C:\Windows\system32\drivers\atikmpag.sys product: AMD driver company: Advanced Micro Devices, Inc. description: AMD multi-vendor Miniport Driver Bug check description: This indicates that an attempt to reset the display driver and recover from a timeout failed. A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: atikmpag.sys (AMD multi-vendor Miniport Driver, Advanced Micro Devices, Inc.). Google query: atikmpag.sys Advanced Micro Devices, Inc. VIDEO_TDR_ERROR On Mon 5/6/2013 5:15:03 PM GMT your computer crashed crash dump file: C:\Windows\memory.dmp This was probably caused by the following module: dxgkrnl.sys (dxgkrnl!TdrResetFromTimeout+0x214) Bugcheck code: 0x116 (0xFFFFFA80075804E0, 0xFFFFF8800420DC08, 0x0, 0x2) Error: VIDEO_TDR_ERROR file path: C:\Windows\system32\drivers\dxgkrnl.sys product: Microsoft® Windows® Operating System company: Microsoft Corporation description: DirectX Graphics Kernel Bug check description: This indicates that an attempt to reset the display driver and recover from a timeout failed. The crash took place in a standard Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system which cannot be identified at this time.

C:\Users\MCO\AppData\Roaming\iolo\Disabled Entries\Current User\ctfmon.lnk Win32/Reveton.J trojan C:\Users\MCO\Downloads\RegistryQuick_setup.exe a variant of Win32/Adware.RegistryQuick application re-ran as administrator.

I thought I had it correct, but I do not believe the scan ran as administrator. And unfortunately there is still a couple threats. C:\Users\MCO\AppData\Roaming\iolo\Disabled Entries\Current User\ctfmon.lnk Win32/Reveton.J trojan C:\Users\MCO\Downloads\RegistryQuick_setup.exe a variant of Win32/Adware.RegistryQuick application

cannot get the Eset to work. I am in IE but I think I have firefox set as my default browser and I do not know how to change. Sorry I am so useless.

ahhhh... I got it. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 12:30:52 PM, on 1/8/2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16457) Boot mode: Normal Running processes: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files (x86)\Sony\Bloggie Software\BGVolumeWatcher.exe C:\Program Files (x86)\Southwest Airlines\Ding\Ding.exe C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe C:\Users\MCO\Desktop\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - (no file) O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O4 - HKLM\..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O4 - HKLM\..\Run: [standby] "c:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe" -START O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [AdobeBridge] "C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe" -stealth O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - Startup: DING!.lnk = C:\Program Files (x86)\Southwest Airlines\Ding\Ding.exe O4 - Global Startup: Bloggie Watcher Utility.lnk = C:\Program Files (x86)\Sony\Bloggie Software\BGVolumeWatcher.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\896\g2aservice.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iolo System Service (ioloSystemService) - iolo technologies, LLC - C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing) O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 11109 bytes Malwarebytes Anti-Malware (PRO) 1.70.0.1100 www.malwarebytes.org Database version: v2013.01.08.12 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 MCO :: MCO-PC [administrator] Protection: Enabled 1/8/2013 12:42:06 PM mbam-log-2013-01-08 (12-42-06).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 214497 Time elapsed: 33 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)

Under report for HijackThis is has a long list of Root:...file missing. I hope I have done something wrong.

I just completed HijackThis and I highlight and copy log, but just like on MBAM log it will not let me paste into this box.

Whew! Okay. Should I try and remove things from MBAM or just go on to HijackThis?

CCLeaner Log: 360 bm removed Looks like Internet explorer and firefox stuff, System - Windows log files and lots of applications such as google eart mcafee antivirus ms office picture manager office 2003 google toolbar ie adobe flash player microsoft silverlight quicktime player cache real player 15 windows media center windows media player utilities - windows defender windows - ms search Are all of those things really gone? Or is it just files? Worried.

I need help on this round. Everything fine until I ran the cleaner. The cleaner said it deleted 340 mb including mcafee and some other important looking items. Is this okay. It would not let me copy and past but I took a snip pic. When I ran MBAM the report said nothing malicious found. I did not see any checked boxes..just a log. I went to copy and when I tried to paste it would not let me. I had already closed the log and could not find C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt So I did not see anything to remove. Thought I would give you an update before I continued on to to "HijackThis" step.

I just reset the network connection on my phone and now it's working. Should be the same for the ipad.

I ran the test and everything went well. I did not get an "illegal" notice this time. The pop up's are gone (thank you!!). The only other thing that is unusual is I can no longer connect to the wireless connection from my apple phone or ipad. I can connect wirelessly from my laptop but it's extremely slow. The laptop is asking if I want to disable add-on's to speed up the connection. ComboFix 13-01-06.01 - MCO 01/08/2013 10:45:02.2.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8174.6725 [GMT -7:00] Running from: c:\users\MCO\Desktop\ComboFix.exe Command switches used :: c:\users\MCO\Desktop\CFScript.txt AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892} FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9} SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\MCO\AppData\Local\Microsoft\Windows\2056\themecpl.exe c:\users\MCO\AppData\Roaming\Yrcu c:\users\MCO\AppData\Roaming\Yrcu\exyx.umu . . ((((((((((((((((((((((((( Files Created from 2012-12-08 to 2013-01-08 ))))))))))))))))))))))))))))))) . . 2013-01-08 17:49 . 2013-01-08 17:49 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-01-08 03:02 . 2013-01-08 03:02 -------- d-----w- c:\users\MCO\AppData\Local\LogMeIn 2013-01-08 03:02 . 2012-12-18 16:33 88600 ----a-w- c:\windows\system32\LMIRfsClientNP.dll 2013-01-08 03:02 . 2012-12-18 16:33 60920 ----a-w- c:\windows\system32\Spool\prtprocs\x64\LMIproc.dll 2013-01-08 03:02 . 2012-12-18 16:33 35832 ----a-w- c:\windows\system32\LMIport.dll 2013-01-08 03:02 . 2012-11-29 18:56 72216 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys 2013-01-08 03:02 . 2012-12-18 16:33 84472 ----a-w- c:\windows\system32\LMIinit.dll 2013-01-08 03:02 . 2013-01-08 17:32 -------- d-----w- c:\programdata\LogMeIn 2013-01-08 03:01 . 2013-01-08 03:02 -------- d-----w- c:\program files (x86)\LogMeIn 2013-01-08 01:57 . 2013-01-08 01:57 -------- d-----w- c:\users\MCO\AppData\Roaming\Southwest Airlines 2013-01-08 01:57 . 2013-01-08 01:57 8192 ----a-r- c:\users\MCO\AppData\Roaming\Microsoft\Installer\{84031A18-BA9A-4156-A74F-E05B52DDFCE2}\Icon84031A18.exe 2013-01-08 01:57 . 2013-01-08 01:57 -------- d-----w- c:\program files (x86)\Southwest Airlines 2013-01-08 01:56 . 2013-01-08 01:56 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard 2012-12-31 22:11 . 2012-10-04 17:41 424960 ----a-w- c:\windows\system32\KernelBase.dll 2012-12-31 22:10 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll 2012-12-31 22:10 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-12-28 21:03 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-28 21:03 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-28 21:03 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-28 21:03 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-28 19:19 . 2012-12-28 19:19 -------- d-----w- c:\users\MCO\AppData\Local\Programs 2012-12-28 16:45 . 2012-11-22 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys 2012-12-28 16:45 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll 2012-12-28 16:45 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll 2012-12-21 18:40 . 2012-12-21 18:40 -------- d-----w- c:\program files\iPod 2012-12-21 18:40 . 2012-12-21 18:40 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69 2012-12-21 18:40 . 2012-12-21 18:40 -------- d-----w- c:\program files\iTunes 2012-12-21 18:40 . 2012-12-21 18:40 -------- d-----w- c:\program files (x86)\iTunes 2012-12-21 18:39 . 2012-12-21 18:39 -------- d-----w- c:\users\MCO\AppData\Local\Apple Computer 2012-12-14 18:18 . 2012-12-14 18:18 -------- d-----w- c:\users\MCO\AppData\Local\Apple 2012-12-13 18:17 . 2012-12-13 18:17 -------- d-----w- c:\users\MCO\AppData\Roaming\Malwarebytes 2012-12-13 18:17 . 2012-12-13 18:17 -------- d-----w- c:\programdata\Malwarebytes 2012-12-13 18:17 . 2012-12-28 19:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-12-13 18:17 . 2012-12-14 23:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-10 20:21 . 2012-04-20 23:40 196440 ----a-w- c:\windows\system32\drivers\HipShieldK.sys 2012-12-10 20:21 . 2012-12-10 20:21 -------- d-----w- c:\program files (x86)\Common Files\McAfee 2012-12-10 20:21 . 2012-11-09 13:36 10288 ----a-w- c:\windows\system32\drivers\mfeclnk.sys 2012-12-10 20:20 . 2012-11-09 13:40 69672 ----a-w- c:\windows\system32\drivers\cfwids.sys 2012-12-10 20:20 . 2012-11-09 13:36 106112 ----a-w- c:\windows\system32\drivers\mferkdet.sys 2012-12-10 20:20 . 2012-11-09 13:34 515528 ----a-w- c:\windows\system32\drivers\mfefirek.sys 2012-12-10 20:20 . 2012-11-09 13:34 309400 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2012-12-10 20:20 . 2012-12-12 14:51 -------- d-----w- c:\program files\Common Files\McAfee 2012-12-10 20:20 . 2012-12-10 20:21 -------- d-----w- c:\program files\McAfee 2012-12-10 20:20 . 2012-12-20 16:36 -------- d-----w- c:\program files (x86)\McAfee 2012-12-10 20:13 . 2012-11-09 13:37 177680 ----a-w- c:\windows\system32\mfevtps.exe 2012-12-10 20:12 . 2012-12-10 23:21 -------- d-----w- c:\programdata\McAfee 2012-12-10 20:07 . 2012-12-11 13:33 -------- d-----w- c:\users\MCO\AppData\Local\Adobe 2012-12-10 20:03 . 2012-12-10 20:03 -------- d-s---w- c:\windows\SysWow64\Microsoft 2012-12-10 19:43 . 2012-12-10 19:43 -------- d-----w- C:\!KillBox 2012-12-10 19:29 . 2012-12-10 19:30 335084128 ----a-w- C:\MCAfee.reg 2012-12-09 23:51 . 2012-12-09 23:51 -------- d-----w- c:\windows\Sun 2012-12-09 23:51 . 2012-12-09 23:51 -------- d-----w- c:\users\MCO\AppData\Local\Sun . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-12-28 21:03 . 2011-10-11 16:01 67413224 ----a-w- c:\windows\system32\MRT.exe 2012-12-12 03:37 . 2012-04-01 16:35 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-12-12 03:37 . 2011-10-11 15:05 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-12-07 06:58 . 2011-10-11 17:32 57144 ----a-w- c:\windows\system32\iolobtdfg.exe 2012-12-07 06:57 . 2011-10-11 17:32 25744 ----a-w- c:\windows\system32\smrgdf.exe 2012-12-07 06:42 . 2011-10-11 17:32 2155248 ----a-w- c:\windows\system32\Incinerator64.dll 2012-12-07 06:42 . 2011-10-11 17:32 2097032 ----a-w- c:\windows\SysWow64\Incinerator32.dll 2012-11-29 18:56 . 2012-11-29 18:56 35616 ----a-w- c:\windows\system32\lmimirr.dll 2012-11-29 18:56 . 2012-11-29 18:56 14624 ----a-w- c:\windows\system32\lmimirr2.dll 2012-11-29 18:56 . 2012-11-29 18:56 11552 ----a-w- c:\windows\system32\drivers\lmimirr.sys 2012-11-09 13:37 . 2012-07-17 21:52 339776 ----a-w- c:\windows\system32\drivers\mfewfpk.sys 2012-11-09 13:35 . 2012-07-17 21:50 771096 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2012-11-09 13:33 . 2012-07-17 21:48 178840 ----a-w- c:\windows\system32\drivers\mfeapfk.sys 2012-10-25 10:12 . 2012-10-25 10:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx 2012-10-25 10:12 . 2012-10-25 10:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts 2012-10-16 08:38 . 2012-11-28 16:11 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38 . 2012-11-28 16:11 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39 . 2012-11-28 16:11 561664 ----a-w- c:\windows\apppatch\AcLayers.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "AdobeBridge"="c:\program files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe" [2011-03-03 12008296] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-10-11 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "Standby"="c:\program files (x86)\Common Files\Corel\Standby\Standby.exe" [2009-11-10 105632] "TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2012-04-20 296056] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1535112] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544] "AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2012-02-01 968048] . c:\users\MCO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ DING!.lnk - c:\program files (x86)\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bloggie Watcher Utility.lnk - c:\program files (x86)\Sony\Bloggie Software\BGVolumeWatcher.exe [2011-6-9 746856] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux2"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" "Seagate Dashboard"=c:\program files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui "Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" "HP Software Update"=c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632] R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440] R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-03 33736] R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928] R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-06-08 406056] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-11-09 106112] R3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0;PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-08-17 25584] R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [2011-10-21 31152] R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-11 1255736] R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-18 203264] R4 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [2010-06-29 158720] R4 CLKMSVC10_9EC60124;CyberLink Product - 2011/10/11 09:33;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-10-27 236016] R4 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-03-23 87040] R4 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656] R4 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-06-01 14088] R4 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-06 2655768] S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-11-09 339776] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856] S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [2012-08-02 30752] S2 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2012-12-07 1053184] S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-12-18 376320] S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2012-11-29 15928] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304] S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-11-09 218320] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-11-09 177680] S2 PDFsFilter;PDFsFilter;c:\windows\system32\DRIVERS\PDFsFilter.sys [2012-08-02 82160] S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-11-09 69672] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-11-09 515528] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - LMIINFO *NewlyCreated* - LMIRFSDRIVER *Deregistered* - mfeavfk01 . Contents of the 'Scheduled Tasks' folder . 2013-01-08 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 03:37] . 2013-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-11 15:04] . 2013-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-11 15:04] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2012-02-01 2195824] "LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2012-11-29 57928] . ------- Supplementary Scan ------- . uStart Page = hxxp://www.aol.com/ uInternet Settings,ProxyOverride = *.local TCP: DhcpNameServer = 192.168.0.1 205.171.3.25 FF - ProfilePath - c:\users\MCO\AppData\Roaming\Mozilla\Firefox\Profiles\au7mdhof.default\ FF - prefs.js: browser.startup.homepage - www.aol.com FF - ExtSQL: 2012-12-28 08:52; {4ED1F68A-5463-4931-9384-8FFF5ED91D92}; c:\program files (x86)\McAfee\SiteAdvisor . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Wow6432Node-HKLM-Run-<NO NAME> - (no file) . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCDSRVC{1E208CE0-FB7451FF-06020200}_0] "ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-01-08 10:50:51 ComboFix-quarantined-files.txt 2013-01-08 17:50 ComboFix2.txt 2013-01-07 21:27 . Pre-Run: 1,880,453,152,768 bytes free Post-Run: 1,880,382,439,424 bytes free . - - End Of File - - B57C25F41AB3E5605A605E9B2381CC28

browsing the internet and so far there are no pop-ups. I did receive a script error when watching a video that froze the computer and I had to reboot to get out of it. And by the way, thank you so much for the time you are taking with me.

I am having pop ups in the lower left corner when browsing the internet that say they are coming from either ad.yieldmanager.com or ad.xtendmedia.com. I believe it does try to redirect me sometimes as well. I ran combofix. It said mcafee was still enabled but I did turn off realtime scanning and firewall and unscheduled updates. I wasn't sure what else to do to verify it was off. They were highlighted in red and said off and that I was at risk. During combofix it restarted the computer automatically and then upon rebooting I did get the illegal operation... and I restarted again. I have not used my browser to yet since my scanning is off. Sorry I'm not much help to you. ComboFix 13-01-06.01 - MCO 01/07/2013 14:18:53.1.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8174.6480 [GMT -7:00] Running from: c:\users\MCO\Desktop\ComboFix.exe AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892} FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9} SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\AMMYY c:\programdata\AMMYY\hr c:\programdata\AMMYY\settings.bin c:\programdata\PCDr\6032\AddOnDownloaded\62089595-46e8-4c4f-9d7b-48be969390bb.dll c:\programdata\PCDr\6032\AddOnDownloaded\918ee45c-eb0a-4e61-97ad-c1849c2623ee.dll c:\programdata\PCDr\6032\AddOnDownloaded\b0654984-096d-4244-a127-3364577b6279.dll c:\users\MCO\AppData\Local\Microsoft\Windows\2056\themecpl.exe c:\users\MCO\Favorites\Favorites.event c:\users\MCO\GoToAssistDownloadHelper.exe . . ((((((((((((((((((((((((( Files Created from 2012-12-07 to 2013-01-07 ))))))))))))))))))))))))))))))) . . 2013-01-07 21:22 . 2013-01-07 21:22 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-12-31 22:11 . 2012-10-04 17:41 424960 ----a-w- c:\windows\system32\KernelBase.dll 2012-12-31 22:10 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll 2012-12-31 22:10 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-12-28 21:03 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-28 21:03 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-28 21:03 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-28 21:03 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-28 19:19 . 2012-12-28 19:19 -------- d-----w- c:\users\MCO\AppData\Local\Programs 2012-12-28 16:45 . 2012-11-22 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys 2012-12-28 16:45 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll 2012-12-28 16:45 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll 2012-12-21 18:40 . 2012-12-21 18:40 -------- d-----w- c:\program files\iPod 2012-12-21 18:40 . 2012-12-21 18:40 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69 2012-12-21 18:40 . 2012-12-21 18:40 -------- d-----w- c:\program files\iTunes 2012-12-21 18:40 . 2012-12-21 18:40 -------- d-----w- c:\program files (x86)\iTunes 2012-12-21 18:39 . 2012-12-21 18:39 -------- d-----w- c:\users\MCO\AppData\Local\Apple Computer 2012-12-14 18:18 . 2012-12-14 18:18 -------- d-----w- c:\users\MCO\AppData\Local\Apple 2012-12-13 18:17 . 2012-12-13 18:17 -------- d-----w- c:\users\MCO\AppData\Roaming\Malwarebytes 2012-12-13 18:17 . 2012-12-13 18:17 -------- d-----w- c:\programdata\Malwarebytes 2012-12-13 18:17 . 2012-12-28 19:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-12-13 18:17 . 2012-12-14 23:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-10 20:21 . 2012-04-20 23:40 196440 ----a-w- c:\windows\system32\drivers\HipShieldK.sys 2012-12-10 20:21 . 2012-12-10 20:21 -------- d-----w- c:\program files (x86)\Common Files\McAfee 2012-12-10 20:21 . 2012-11-09 13:36 10288 ----a-w- c:\windows\system32\drivers\mfeclnk.sys 2012-12-10 20:20 . 2012-11-09 13:40 69672 ----a-w- c:\windows\system32\drivers\cfwids.sys 2012-12-10 20:20 . 2012-11-09 13:36 106112 ----a-w- c:\windows\system32\drivers\mferkdet.sys 2012-12-10 20:20 . 2012-11-09 13:34 515528 ----a-w- c:\windows\system32\drivers\mfefirek.sys 2012-12-10 20:20 . 2012-11-09 13:34 309400 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2012-12-10 20:20 . 2012-12-12 14:51 -------- d-----w- c:\program files\Common Files\McAfee 2012-12-10 20:20 . 2012-12-10 20:21 -------- d-----w- c:\program files\McAfee 2012-12-10 20:20 . 2012-12-20 16:36 -------- d-----w- c:\program files (x86)\McAfee 2012-12-10 20:13 . 2012-11-09 13:37 177680 ----a-w- c:\windows\system32\mfevtps.exe 2012-12-10 20:12 . 2012-12-10 23:21 -------- d-----w- c:\programdata\McAfee 2012-12-10 20:07 . 2012-12-11 13:33 -------- d-----w- c:\users\MCO\AppData\Local\Adobe 2012-12-10 20:03 . 2012-12-10 20:03 -------- d-s---w- c:\windows\SysWow64\Microsoft 2012-12-10 19:43 . 2012-12-10 19:43 -------- d-----w- C:\!KillBox 2012-12-10 19:29 . 2012-12-10 19:30 335084128 ----a-w- C:\MCAfee.reg 2012-12-09 23:51 . 2012-12-09 23:51 -------- d-----w- c:\windows\Sun 2012-12-09 23:51 . 2012-12-09 23:51 -------- d-----w- c:\users\MCO\AppData\Local\Sun 2012-12-09 20:05 . 2012-12-09 20:05 -------- d-----w- c:\users\MCO\AppData\Roaming\Yrcu . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-12-28 21:03 . 2011-10-11 16:01 67413224 ----a-w- c:\windows\system32\MRT.exe 2012-12-12 03:37 . 2012-04-01 16:35 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-12-12 03:37 . 2011-10-11 15:05 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-12-07 06:58 . 2011-10-11 17:32 57144 ----a-w- c:\windows\system32\iolobtdfg.exe 2012-12-07 06:57 . 2011-10-11 17:32 25744 ----a-w- c:\windows\system32\smrgdf.exe 2012-12-07 06:42 . 2011-10-11 17:32 2155248 ----a-w- c:\windows\system32\Incinerator64.dll 2012-12-07 06:42 . 2011-10-11 17:32 2097032 ----a-w- c:\windows\SysWow64\Incinerator32.dll 2012-11-09 13:37 . 2012-07-17 21:52 339776 ----a-w- c:\windows\system32\drivers\mfewfpk.sys 2012-11-09 13:35 . 2012-07-17 21:50 771096 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2012-11-09 13:33 . 2012-07-17 21:48 178840 ----a-w- c:\windows\system32\drivers\mfeapfk.sys 2012-10-25 10:12 . 2012-10-25 10:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx 2012-10-25 10:12 . 2012-10-25 10:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts 2012-10-16 08:38 . 2012-11-28 16:11 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38 . 2012-11-28 16:11 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39 . 2012-11-28 16:11 561664 ----a-w- c:\windows\apppatch\AcLayers.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "AdobeBridge"="c:\program files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe" [2011-03-03 12008296] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-10-11 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "Standby"="c:\program files (x86)\Common Files\Corel\Standby\Standby.exe" [2009-11-10 105632] "TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2012-04-20 296056] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1535112] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544] "AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2012-02-01 968048] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bloggie Watcher Utility.lnk - c:\program files (x86)\Sony\Bloggie Software\BGVolumeWatcher.exe [2011-6-9 746856] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux2"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" "Seagate Dashboard"=c:\program files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui "Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" "HP Software Update"=c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344] R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632] R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440] R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-03 33736] R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-11-09 106112] R3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0;PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-08-17 25584] R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [2011-10-21 31152] R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-11 1255736] R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-18 203264] R4 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [2010-06-29 158720] R4 CLKMSVC10_9EC60124;CyberLink Product - 2011/10/11 09:33;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-10-27 236016] R4 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-03-23 87040] R4 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656] R4 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-06-01 14088] R4 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-06 2655768] S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-11-09 339776] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856] S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [2012-08-02 30752] S2 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2012-12-07 1053184] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304] S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-11-09 218320] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-11-09 177680] S2 PDFsFilter;PDFsFilter;c:\windows\system32\DRIVERS\PDFsFilter.sys [2012-08-02 82160] S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-11-09 69672] S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-06-08 406056] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-11-09 515528] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL *Deregistered* - mfeavfk01 . Contents of the 'Scheduled Tasks' folder . 2013-01-07 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 03:37] . 2013-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-11 15:04] . 2013-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-11 15:04] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2012-02-01 2195824] . ------- Supplementary Scan ------- . uStart Page = hxxp://www.aol.com/ uInternet Settings,ProxyOverride = *.local TCP: DhcpNameServer = 192.168.0.1 205.171.3.25 FF - ProfilePath - c:\users\MCO\AppData\Roaming\Mozilla\Firefox\Profiles\au7mdhof.default\ FF - prefs.js: browser.startup.homepage - www.aol.com FF - ExtSQL: 2012-12-28 08:52; {4ED1F68A-5463-4931-9384-8FFF5ED91D92}; c:\program files (x86)\McAfee\SiteAdvisor . . ------- File Associations ------- . JSEFile=NOTEPAD.EXE %1 . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Wow6432Node-HKLM-Run-<NO NAME> - (no file) . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCDSRVC{1E208CE0-FB7451FF-06020200}_0] "ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe c:\windows\SysWOW64\rundll32.exe . ************************************************************************** . Completion time: 2013-01-07 14:27:08 - machine was rebooted ComboFix-quarantined-files.txt 2013-01-07 21:27 . Pre-Run: 1,880,420,622,336 bytes free Post-Run: 1,880,243,638,272 bytes free . - - End Of File - - 7AD197DBE762D488EF530F889812BEF7

I tried to back up the computer and it did not work so I am worried.

Just checked and virus is still there. Darn.

I'm sorry. I don't believe I ran roguekiller as administrator. I'm not sure. # AdwCleaner v2.104 - Logfile created 01/07/2013 at 11:57:23 # Updated 29/12/2012 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : MCO - MCO-PC # Boot Mode : Normal # Running from : C:\Users\MCO\Desktop\adwcleaner.exe # Option [search] ***** [services] ***** ***** [Files / Folders] ***** ***** [Registry] ***** ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16457 [OK] Registry is clean. -\\ Mozilla Firefox v17.0.1 (en-US) File : C:\Users\MCO\AppData\Roaming\Mozilla\Firefox\Profiles\au7mdhof.default\prefs.js [OK] File is clean. ************************* AdwCleaner[R1].txt - [661 octets] - [07/01/2013 11:57:23] ########## EOF - C:\AdwCleaner[R1].txt - [720 octets] ########## RogueKiller V8.4.2 [Jan 6 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : MCO [Admin rights] Mode : Remove -- Date : 01/07/2013 12:15:28 ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 4 ¤¤¤ [HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0) [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts 127.0.0.1 localhost ::1 localhost 87.236.195.128 www.google-analytics.com. 87.236.195.128 ad-emea.doubleclick.net. 87.236.195.128 www.statcounter.com. 87.236.195.128 connect.facebook.net. 93.115.241.27 www.google-analytics.com. 93.115.241.27 ad-emea.doubleclick.net. 93.115.241.27 www.statcounter.com. 93.115.241.27 connect.facebook.net. ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: ST32000641AS ATA Device +++++ --- User --- [MBR] 4076e8bd0867cf1d9e57c05962c08a68 [bSP] b1a0a931b5db181832fad937ca9d6359 : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 1907627 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive1: HP Officejet 6500 E USB Device +++++ Error reading User MBR! User = LL1 ... OK! Error reading LL2 MBR! Finished : << RKreport[2]_D_01072013_02d1215.txt >> RKreport[1]_S_01072013_02d1213.txt ; RKreport[2]_D_01072013_02d1215.txt

This is from adwCleaner I ran last night. # AdwCleaner v2.104 - Logfile created 01/06/2013 at 22:24:07 # Updated 29/12/2012 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : MCO - MCO-PC # Boot Mode : Normal # Running from : C:\Users\MCO\Downloads\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility ***** [Registry] ***** Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1} Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1 Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1 Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90} ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16457 [OK] Registry is clean. -\\ Mozilla Firefox v17.0.1 (en-US) File : C:\Users\MCO\AppData\Roaming\Mozilla\Firefox\Profiles\au7mdhof.default\prefs.js [OK] File is clean. ************************* AdwCleaner[R1].txt - [2445 octets] - [06/01/2013 22:20:20] AdwCleaner[R2].txt - [2505 octets] - [06/01/2013 22:21:35] AdwCleaner[R3].txt - [2565 octets] - [06/01/2013 22:23:41] AdwCleaner[s1].txt - [2542 octets] - [06/01/2013 22:24:07] ########## EOF - C:\AdwCleaner[s1].txt - [2602 octets] ##########

Thank you. It seems no report came from defogger after I hit disable other than what I am posting. defogger_disable by jpshortstuff (23.02.10.1) Log created at 11:15 on 07/01/2013 (MCO) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- Results of screen317's Security Check version 0.99.56 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Security Center service is not running! This report may not be accurate! Windows Firewall Enabled! McAfee Anti-Virus and Anti-Spyware WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.70.0.1100 JavaFX 2.1.0 Java 6 Update 29 Java 7 Update 4 Java version out of Date! Adobe Flash Player 11.5.502.135 Adobe Reader 10.1.4 Adobe Reader out of Date! Mozilla Firefox (17.0.1) ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes' Anti-Malware mbamscheduler.exe iolo Common Lib ioloServiceManager.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 1% ````````````````````End of Log`````````````````````` UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 10/10/2011 8:24:31 PM System Uptime: 1/7/2013 10:06:07 AM (1 hours ago) . Motherboard: Dell Inc. | | 0Y2MRG Processor: Intel® Core i7-2600 CPU @ 3.40GHz | CPU 1 | 3366/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 1863 GiB total, 1751.422 GiB free. D: is CDROM () E: is Removable F: is Removable G: is Removable H: is Removable I: is Removable . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP95: 12/2/2012 7:00:16 PM - Windows Backup RP96: 12/10/2012 6:28:55 AM - Scheduled Checkpoint RP97: 12/10/2012 1:49:55 PM - Windows Backup RP98: 12/17/2012 4:59:22 PM - Scheduled Checkpoint RP99: 12/25/2012 12:00:04 AM - Scheduled Checkpoint RP100: 12/28/2012 2:02:48 PM - Windows Update RP101: 12/31/2012 3:12:07 PM - Windows Update RP102: 1/2/2013 9:47:12 AM - Windows Backup RP103: 1/2/2013 11:00:18 AM - Windows Backup RP104: 1/6/2013 8:35:03 PM - Windows Update RP105: 1/6/2013 8:45:44 PM - Windows Update RP106: 1/6/2013 8:56:05 PM - Windows Update RP107: 1/6/2013 9:13:31 PM - Windows Update . ==== Hosts File Hijack ====================== . Hosts: 87.236.195.128 www.google-analytics.com. Hosts: 87.236.195.128 ad-emea.doubleclick.net. Hosts: 87.236.195.128 www.statcounter.com. Hosts: 87.236.195.128 connect.facebook.net. Hosts: 93.115.241.27 www.google-analytics.com. Hosts: 93.115.241.27 ad-emea.doubleclick.net. Hosts: 93.115.241.27 www.statcounter.com. Hosts: 93.115.241.27 connect.facebook.net. . ==== Installed Programs ====================== . Adobe AIR Adobe Community Help Adobe Download Assistant Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Photoshop CS5.1 Adobe Reader X (10.1.4) AOL Toolbar Apple Application Support Apple Mobile Device Support Apple Software Update Applian Director ATI AVIVO64 Codecs ATI Catalyst Install Manager Bloggie Software Bonjour Broadcom NetXtreme-I Netlink Driver and Management Installer Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center Graphics Previews Vista Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-core-static ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Cisco EAP-FAST Module Cisco LEAP Module Cisco PEAP Module Compatibility Pack for the 2007 Office system Contents ConvertHelper 2.2 Corel PaintShop Photo 2010 CyberLink PowerDVD 9.5 Dell PhotoStage Dell Stage Dell Support Center DeviceIO DirectX 9 Runtime DW WLAN Card Utility Google Earth Google Toolbar for Internet Explorer Google Update Helper GoToAssist Corporate HP Officejet 6500 E710a-f Basic Device Software HP Officejet 6500 E710a-f Help HP Officejet 6500 E710a-f Product Improvement Study HP Update HTC BMP USB Driver HTC Driver Installer HTC Sync I.R.I.S. OCR ICA iCloud Intel® Management Engine Components iolo technologies' System Mechanic IPM_P iTunes Java Auto Updater Java 6 Update 29 Java 7 Update 4 JavaFX 2.1.0 Malwarebytes Anti-Malware version 1.70.0.1100 Marketsplash Shortcuts McAfee SecurityCenter Microsoft .NET Framework 4 Client Profile Microsoft Office File Validation Add-In Microsoft Office Standard Edition 2003 Microsoft Silverlight Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft_VC80_ATL_x86 Microsoft_VC80_ATL_x86_x64 Microsoft_VC80_CRT_x86 Microsoft_VC80_CRT_x86_x64 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFC_x86_x64 Microsoft_VC80_MFCLOC_x86 Microsoft_VC80_MFCLOC_x86_x64 Microsoft_VC90_ATL_x86 Microsoft_VC90_ATL_x86_x64 Microsoft_VC90_CRT_x86 Microsoft_VC90_CRT_x86_x64 Microsoft_VC90_MFC_x86 Microsoft_VC90_MFC_x86_x64 Microsoft_VC90_MFCLOC_x86 Microsoft_VC90_MFCLOC_x86_x64 MLE Mozilla Firefox 17.0.1 (x86 en-US) Mozilla Maintenance Service MSXML 4.0 SP3 Parser MSXML 4.0 SP3 Parser (KB2721691) MyTomTom 3.2.0.700 NEC Electronics USB 3.0 Host Controller Driver OverDrive Media Console PDF Settings CS5 PhotoShowExpress PSPH10 PureHD QuickTime RBVirtualFolder64Inst RealNetworks - Microsoft Visual C++ 2008 Runtime RealPlayer Realtek High Definition Audio Driver RealUpgrade 1.1 Replay Video Capture 5 Roxio Activation Module Roxio BackOnTrack Roxio Burn Roxio Creator Starter Roxio Express Labeler 3 Roxio File Backup Seagate Dashboard Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Setup Share Share64 Shared C Run-time for x64 Sonic CinePlayer Decoder Pack Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) VIO Visual Studio C++ 10.0 Runtime WhoCrashed 3.02 Windows Media Encoder 9 Series . ==== Event Viewer Messages From Past Week ======== . 12/31/2012 3:05:53 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 12/31/2012 2:49:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} 12/31/2012 1:50:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40} 12/31/2012 1:50:15 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start. 12/31/2012 1:50:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 12/31/2012 1:50:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 12/31/2012 1:50:12 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv64.dll Error Code: 21 12/31/2012 1:50:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 12/31/2012 1:50:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 12/31/2012 1:50:00 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache ElRawDisk spldr Wanarpv6 1/7/2013 10:06:16 AM, Error: volmgr [46] - Crash dump initialization failed! 1/6/2013 9:22:32 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070002: Update for Windows 7 for x64-based Systems (KB2592687). 1/6/2013 12:22:29 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR11. 1/5/2013 5:47:15 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2. 1/5/2013 10:23:13 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1. 1/2/2013 12:45:17 PM, Error: volsnap [25] - The shadow copies of volume J: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied. . ==== End Of File ===========================

McAfee support took over my computer remotely and said they could not detect anything. Malwarebytes, System Mechanic, AdwCleaner, and probably a few others have not been able to detect anything. So frustrated and feeling just a little violated. Can you help?