Problems after malware removal

jaabuck · July 25, 2012

Post Merged

We look for post with 0 replies, so when you reply to your own topic, we assume you're being helped.

Please be patient, someone will assist you as soon as possible.

I received lots of crazy errors about disk probelsm, etc. Ran malwarebytes and it found 8 problems. After rebooting both accounts on this PC has lots of problems. Unhid the user accounts and most cleared up. On account looks normal. On the other, the start menu is blank, the icons are missing from the taskbar, the systray area looks strange and speaker icon is red. Also, when I search in google and select a site from the results I'm taken to another unrelated web site. Also, Macafee has popped up a couple messages about blocking an unsafe site when I wasn't even in IE.

Here is DDS.txt:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by John at 15:57:08 on 2012-07-25

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6126.4737 [GMT -4:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Windows\system32\mfevtps.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\rundll32.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Windows\System32\rundll32.exe

C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe

C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe

C:\Program Files\McAfee\MAT\McPvTray.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\REGSVR32.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120621211457.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [shwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r

mRun: [updReg] C:\Windows\UpdReg.EXE

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [<NO NAME>]

mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"

mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized

mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

StartupFolder: C:\Users\John\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn-am1.infor.com/CACHE/stc/1/binaries/vpnweb.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{44E3CB0C-7FA9-41E1-94A8-758D2B2D5970} : DhcpNameServer = 192.168.0.1

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120621211457.dll

BHO-X64: scriptproxy - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [shwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r

mRun-x64: [updReg] C:\Windows\UpdReg.EXE

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [(Default)]

mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"

mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized

mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

.

============= SERVICES / DRIVERS ===============

.

R0 McPvDrv;McPvDrv Driver;C:\Windows\system32\drivers\McPvDrv.sys --> C:\Windows\system32\drivers\McPvDrv.sys [?]

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]

R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]

R1 MOBKFilter;MOBKFilter;C:\Windows\system32\DRIVERS\MOBK.sys --> C:\Windows\system32\DRIVERS\MOBK.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-6-16 13336]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-1-12 249936]

R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-1-12 249936]

R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-1-12 249936]

R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-1-12 249936]

R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2012-1-12 199272]

R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2012-1-12 210584]

R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]

R2 MOBKbackup;McAfee Online Backup;C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-4-13 231224]

R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2011-5-23 465872]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]

R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-24 136176]

S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]

S3 acsock;acsock;C:\Windows\system32\DRIVERS\acsock64.sys --> C:\Windows\system32\DRIVERS\acsock64.sys [?]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-24 136176]

S3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]

S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2012-4-10 25072]

S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-07-25 11:11:49 -------- d-----w- C:\Users\John\AppData\Local\{693FA3D4-F25C-42D2-A0EA-7E32BDB12333}

2012-07-25 11:11:09 -------- d-----w- C:\Users\John\AppData\Local\{CCF12536-56EE-4577-B173-DD57BC6E97C2}

2012-07-24 23:10:29 -------- d-----w- C:\Users\John\AppData\Local\{6F9EE39A-D91F-4B65-BF56-83A95803DCBF}

2012-07-24 23:09:50 -------- d-----w- C:\Users\John\AppData\Local\{42FFD6A5-88DA-47C5-A904-43CBE36CE8FB}

2012-07-24 11:09:09 -------- d-----w- C:\Users\John\AppData\Local\{9ABFB2FA-DE7C-465A-BBAD-1CB05F603D91}

2012-07-24 11:08:30 -------- d-----w- C:\Users\John\AppData\Local\{E3A444F7-CF38-416D-8630-58B1E85323B7}

2012-07-23 23:07:48 -------- d-----w- C:\Users\John\AppData\Local\{929788BA-A540-42D5-B78E-B73A7356F77B}

2012-07-23 23:07:09 -------- d-----w- C:\Users\John\AppData\Local\{7A8D7B38-1F88-481B-AAE3-18D4ED928935}

2012-07-23 11:06:28 -------- d-----w- C:\Users\John\AppData\Local\{EABA6921-2090-40F5-97FC-908E6D7370FA}

2012-07-23 11:05:49 -------- d-----w- C:\Users\John\AppData\Local\{64612333-BF58-40B4-9A9A-EEB2CEC59472}

2012-07-22 23:05:08 -------- d-----w- C:\Users\John\AppData\Local\{8768DA52-8695-4A83-AC7D-D7F12164AD1B}

2012-07-22 23:04:28 -------- d-----w- C:\Users\John\AppData\Local\{6FE78B3C-B978-457D-A35E-12F17E31F27C}

2012-07-22 11:03:47 -------- d-----w- C:\Users\John\AppData\Local\{4D5FB1D2-84B7-4B1D-8B9D-9967BA544DDD}

2012-07-22 11:03:08 -------- d-----w- C:\Users\John\AppData\Local\{80A68F4C-1885-407D-9161-702AD7D8C5C2}

2012-07-21 23:02:27 -------- d-----w- C:\Users\John\AppData\Local\{F5ABFD05-3B93-4AF4-A7F5-88225F42CDBA}

2012-07-21 23:01:48 -------- d-----w- C:\Users\John\AppData\Local\{B6168973-5545-4785-8351-C80CBD2141A9}

2012-07-21 11:01:05 -------- d-----w- C:\Users\John\AppData\Local\{3FC2CC00-DECE-47A2-8195-98713E2BB356}

2012-07-21 11:00:26 -------- d-----w- C:\Users\John\AppData\Local\{FDC11848-1718-4F86-A8B9-1D4E7FEE04CE}

2012-07-20 22:59:45 -------- d-----w- C:\Users\John\AppData\Local\{D82107FF-67C4-4AE5-9E45-A4D09CFB36E2}

2012-07-20 22:59:06 -------- d-----w- C:\Users\John\AppData\Local\{21E8C1AA-A601-40E8-8B0B-DA60618063C4}

2012-07-20 10:58:24 -------- d-----w- C:\Users\John\AppData\Local\{F8ED8BD7-34A9-40E4-829B-7B9D652BA749}

2012-07-20 10:57:45 -------- d-----w- C:\Users\John\AppData\Local\{0C4C956F-0D35-4926-83E5-97E250B1A981}

2012-07-19 22:57:04 -------- d-----w- C:\Users\John\AppData\Local\{3719B94A-75E1-4B0E-A258-CA1A7937C41B}

2012-07-19 22:56:24 -------- d-----w- C:\Users\John\AppData\Local\{47589D3C-81E1-4122-85F0-5C3E6A4B82F5}

2012-07-19 10:55:44 -------- d-----w- C:\Users\John\AppData\Local\{8BB4ED9D-E190-4DC6-BD72-D02444D59179}

2012-07-19 10:55:04 -------- d-----w- C:\Users\John\AppData\Local\{3BE3538F-18F6-4B40-9DD2-097991CE373E}

2012-07-18 22:54:23 -------- d-----w- C:\Users\John\AppData\Local\{444A5568-B4B5-40A4-9B9A-83B58ADB75DD}

2012-07-18 22:53:43 -------- d-----w- C:\Users\John\AppData\Local\{37BE5802-1566-4620-B03F-4227C5E09AEF}

2012-07-18 10:53:02 -------- d-----w- C:\Users\John\AppData\Local\{8311D776-37B5-4B86-88BE-B96257DF7998}

2012-07-18 10:52:23 -------- d-----w- C:\Users\John\AppData\Local\{4CF4C299-B235-4B7D-AF1A-A3D6583CD73C}

2012-07-17 22:51:42 -------- d-----w- C:\Users\John\AppData\Local\{8C4F347F-9A36-4AF1-9E2A-A63F65204220}

2012-07-17 22:51:03 -------- d-----w- C:\Users\John\AppData\Local\{1F71C587-BC41-4A91-A7F6-E2748255B919}

2012-07-17 10:50:20 -------- d-----w- C:\Users\John\AppData\Local\{FE31220F-845D-4D4D-9D2F-13825D70D87B}

2012-07-17 10:49:41 -------- d-----w- C:\Users\John\AppData\Local\{03508CE5-C639-49C8-8551-C0931E3A6AA3}

2012-07-16 22:49:00 -------- d-----w- C:\Users\John\AppData\Local\{F70C16BB-BA62-469C-8F8C-8B12FE762FAB}

2012-07-16 22:48:21 -------- d-----w- C:\Users\John\AppData\Local\{61C19E5A-9368-4334-9889-C33A13B96B79}

2012-07-16 10:47:40 -------- d-----w- C:\Users\John\AppData\Local\{E76DF9A1-82E3-4946-9568-B48315828FD0}

2012-07-16 10:47:01 -------- d-----w- C:\Users\John\AppData\Local\{443EF635-CAAF-4BFA-A87A-54D2D131918B}

2012-07-15 22:46:07 -------- d-----w- C:\Users\John\AppData\Local\{E62C08DA-0D71-4EB6-9209-887FC4C1862A}

2012-07-15 22:45:28 -------- d-----w- C:\Users\John\AppData\Local\{EAFB187A-3391-483C-976D-363DF01BE14A}

2012-07-15 10:44:34 -------- d-----w- C:\Users\John\AppData\Local\{4BAB2936-5429-4AA4-BD7E-7DB4836EE071}

2012-07-15 10:43:55 -------- d-----w- C:\Users\John\AppData\Local\{4AFFF082-1FA3-4674-B98D-93EA2D7F5C57}

2012-07-14 22:43:12 -------- d-----w- C:\Users\John\AppData\Local\{AB81DE60-61A7-4984-B207-27CAE190FA39}

2012-07-14 22:42:33 -------- d-----w- C:\Users\John\AppData\Local\{01BDD72C-99BA-4527-94D8-92D3E68E2DC6}

2012-07-14 10:41:39 -------- d-----w- C:\Users\John\AppData\Local\{E581CA0D-0C20-4401-8CF2-F415A55C1DA1}

2012-07-14 10:40:59 -------- d-----w- C:\Users\John\AppData\Local\{2EE006ED-4186-4054-BBB4-0865E784E778}

2012-07-13 22:40:18 -------- d-----w- C:\Users\John\AppData\Local\{A7A9A51D-EB26-4B9D-9814-E3358552ABC7}

2012-07-13 22:39:39 -------- d-----w- C:\Users\John\AppData\Local\{B47D2333-F43E-4B3B-940A-6935E887108D}

2012-07-13 10:38:55 -------- d-----w- C:\Users\John\AppData\Local\{0B540CED-3022-4549-8A47-296A6EBADCC9}

2012-07-13 10:38:16 -------- d-----w- C:\Users\John\AppData\Local\{B3663897-8EB6-460B-BEC8-B8CCA72CF556}

2012-07-12 22:37:35 -------- d-----w- C:\Users\John\AppData\Local\{ECAFC6F2-1487-418F-81F5-8B92252CEB2D}

2012-07-12 22:36:56 -------- d-----w- C:\Users\John\AppData\Local\{B11A30BA-8F7C-45D1-BC5A-EBD917F1C955}

2012-07-12 10:36:14 -------- d-----w- C:\Users\John\AppData\Local\{6DD2B5D0-02AC-40DA-A4B1-56571ADE62E7}

2012-07-12 10:35:35 -------- d-----w- C:\Users\John\AppData\Local\{DC4637EE-D599-487F-AE79-F8E777BF3E92}

2012-07-12 07:03:32 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-07-12 07:01:00 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-07-12 07:01:00 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-07-12 07:01:00 174200 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll

2012-07-12 07:01:00 140920 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll

2012-07-11 21:47:33 -------- d-----w- C:\Users\John\AppData\Local\{B2719B75-0710-4BFC-9B99-A98728E6778F}

2012-07-11 21:46:53 -------- d-----w- C:\Users\John\AppData\Local\{ECA984A7-438C-41D4-8367-022351531EEF}

2012-07-11 11:02:14 2004480 ----a-w- C:\Windows\System32\msxml6.dll

2012-07-11 11:02:14 1881600 ----a-w- C:\Windows\System32\msxml3.dll

2012-07-11 11:01:50 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-07-11 11:00:37 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-07-11 11:00:25 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll

2012-07-11 11:00:25 2048 ----a-w- C:\Windows\System32\msxml3r.dll

2012-07-11 11:00:20 458704 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-07-11 11:00:20 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-07-11 11:00:20 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-07-11 11:00:20 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-07-11 10:59:55 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-07-11 10:59:07 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-07-11 10:58:43 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-07-11 10:58:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-07-11 10:57:18 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2012-07-11 10:57:02 1499136 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll

2012-07-11 10:56:50 1019904 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll

2012-07-11 10:56:26 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll

2012-07-11 10:56:25 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll

2012-07-11 10:56:13 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

2012-07-11 10:55:49 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll

2012-07-11 10:55:13 61440 ----a-w- C:\Program Files\Common Files\System\ado\msador15.dll

2012-07-11 10:55:13 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll

2012-07-11 10:54:24 57344 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msador15.dll

2012-07-11 10:53:36 212992 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll

2012-07-11 10:52:59 143360 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msjro.dll

2012-07-11 10:52:23 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll

2012-07-11 10:51:59 1133568 ----a-w- C:\Windows\System32\cdosys.dll

2012-07-11 09:46:12 -------- d-----w- C:\Users\John\AppData\Local\{03D5B6D3-B44E-44F1-9C07-D561C3D1A3EA}

2012-07-11 09:45:33 -------- d-----w- C:\Users\John\AppData\Local\{82D6FC14-6567-4383-A6EF-EDAA0A2FC720}

2012-07-10 21:44:52 -------- d-----w- C:\Users\John\AppData\Local\{545DD3D3-967E-478A-9763-3BAC22112053}

2012-07-10 21:44:12 -------- d-----w- C:\Users\John\AppData\Local\{DEF05F1A-4178-48FE-A777-835C489B7A95}

2012-07-10 09:43:31 -------- d-----w- C:\Users\John\AppData\Local\{C3BC4813-BE7C-4F1A-A0E0-FE827D80C61B}

2012-07-10 09:42:51 -------- d-----w- C:\Users\John\AppData\Local\{4CD38DCF-660D-4737-A84A-572FEAB2455F}

2012-07-09 21:42:10 -------- d-----w- C:\Users\John\AppData\Local\{DFC62871-86B3-46C7-9824-D4B262B0145F}

2012-07-09 21:41:28 -------- d-----w- C:\Users\John\AppData\Local\{EF85975C-CFC3-4BD9-A77C-9724F69C913D}

2012-07-09 09:40:46 -------- d-----w- C:\Users\John\AppData\Local\{7CDD3E6E-0E75-4081-AA21-3DDD7E1BB800}

2012-07-09 09:40:06 -------- d-----w- C:\Users\John\AppData\Local\{4BCF66E5-D2DB-408A-B545-7AF4F85ECB7E}

2012-07-08 21:39:22 -------- d-----w- C:\Users\John\AppData\Local\{DB30CEA8-0AF6-4905-A1BA-49259AB0DDC9}

2012-07-08 21:38:42 -------- d-----w- C:\Users\John\AppData\Local\{101359BC-9600-4E2C-AFF3-05BAE62FBD06}

2012-07-05 06:48:54 -------- d-----w- C:\Users\John\AppData\Local\{41AE891E-F8E1-4DCA-A0D3-26C65FF9DCCA}

2012-07-05 06:48:14 -------- d-----w- C:\Users\John\AppData\Local\{EFAF5313-1E95-46F7-8567-EA099C7E6ACE}

2012-07-04 18:47:34 -------- d-----w- C:\Users\John\AppData\Local\{D20F9311-B72B-46A9-BECF-84645D750D60}

2012-07-04 18:46:54 -------- d-----w- C:\Users\John\AppData\Local\{BBFC46A5-EE1D-4F41-A188-CF23FC2A0CEE}

2012-07-04 06:46:02 -------- d-----w- C:\Users\John\AppData\Local\{D378851E-4BD2-453C-87C9-4A8DA353C980}

2012-07-04 06:45:22 -------- d-----w- C:\Users\John\AppData\Local\{7313A90B-C5A3-45D5-B8F7-D7F5435731CD}

2012-07-03 18:44:41 -------- d-----w- C:\Users\John\AppData\Local\{0BA2A269-9F2A-4D12-8765-11F8133BCA5A}

2012-07-03 18:44:01 -------- d-----w- C:\Users\John\AppData\Local\{23BA254D-A944-490A-94BB-E1C2D104E4B3}

2012-07-03 06:43:18 -------- d-----w- C:\Users\John\AppData\Local\{27D20E02-1EAE-4114-AB0C-81273BF25C02}

2012-07-03 06:42:39 -------- d-----w- C:\Users\John\AppData\Local\{A8C42E7F-0936-400E-9A69-D94B196F5EA9}

2012-07-02 18:41:56 -------- d-----w- C:\Users\John\AppData\Local\{53BD342B-419E-4FD6-8A04-06ADEF4A5DE2}

2012-07-02 18:41:17 -------- d-----w- C:\Users\John\AppData\Local\{24CF5BB4-353B-4C10-A2E9-B1DAC2071EDF}

2012-06-29 13:46:20 -------- d-----w- C:\Users\John\AppData\Local\{F0B623CE-B42E-4746-8214-318C9A001FE8}

2012-06-29 13:45:40 -------- d-----w- C:\Users\John\AppData\Local\{8F921CA4-62FF-4B56-AF05-79F22F1BD613}

2012-06-29 01:44:58 -------- d-----w- C:\Users\John\AppData\Local\{45F730AE-B88C-497D-8F99-220F390ECA30}

2012-06-29 01:44:19 -------- d-----w- C:\Users\John\AppData\Local\{2026BE9C-9A46-4059-8616-1A6CC74EE465}

2012-06-28 13:43:26 -------- d-----w- C:\Users\John\AppData\Local\{EE258969-3B30-46FD-875C-7FBFE79A8873}

2012-06-28 13:42:46 -------- d-----w- C:\Users\John\AppData\Local\{CA417282-69AC-44BD-8A4E-00FFC9115F23}

2012-06-28 01:42:04 -------- d-----w- C:\Users\John\AppData\Local\{D3810C85-0CEE-4661-A866-E2F654F8A970}

2012-06-28 01:41:24 -------- d-----w- C:\Users\John\AppData\Local\{783F3799-FED3-4CF7-AA4E-A56DEB279ACC}

2012-06-27 13:40:43 -------- d-----w- C:\Users\John\AppData\Local\{3590B8F5-0958-457E-A8EC-5672CE2F48BA}

2012-06-27 13:40:04 -------- d-----w- C:\Users\John\AppData\Local\{724E5A7B-75AA-42E3-ABDF-EBF7F257FAB6}

2012-06-27 01:39:23 -------- d-----w- C:\Users\John\AppData\Local\{A215ABA4-7A8E-42EE-A336-336351860DBD}

2012-06-27 01:38:44 -------- d-----w- C:\Users\John\AppData\Local\{4A7A4686-ED18-48CE-8474-C4843CA63D10}

2012-06-26 13:38:03 -------- d-----w- C:\Users\John\AppData\Local\{D3D4E577-0B1F-44EE-8C96-87EF05251FF0}

2012-06-26 13:37:23 -------- d-----w- C:\Users\John\AppData\Local\{ABC23A12-5ABE-4661-8507-2F98BEC9B8AB}

2012-06-26 01:36:42 -------- d-----w- C:\Users\John\AppData\Local\{B8D60944-109E-4665-A2DA-B3D306C7201F}

2012-06-26 01:36:02 -------- d-----w- C:\Users\John\AppData\Local\{91A5B58A-24AF-431C-A62F-E0787F883362}

.

==================== Find3M ====================

.

2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll

2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

.

============= FINISH: 16:05:24.22 ===============

And here is Attach.txt:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 7/24/2011 11:06:01 AM

System Uptime: 7/25/2012 3:02:10 PM (1 hours ago)

.

Motherboard: Dell Inc. | | 0Y2MRG

Processor: Intel® Core i5-2300 CPU @ 2.80GHz | CPU 1 | 2801/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 919 GiB total, 838.961 GiB free.

D: is CDROM ()

E: is Removable

F: is Removable

G: is Removable

H: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64

Device ID: ROOT\NET\0000

Manufacturer: Cisco Systems

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64

PNP Device ID: ROOT\NET\0000

Service: vpnva

.

==== System Restore Points ===================

.

RP98: 6/26/2012 12:00:02 AM - Scheduled Checkpoint

RP99: 7/4/2012 12:00:01 AM - Scheduled Checkpoint

RP100: 7/12/2012 12:00:03 AM - Scheduled Checkpoint

RP101: 7/12/2012 3:00:13 AM - Windows Update

RP102: 7/20/2012 12:00:02 AM - Scheduled Checkpoint

.

==== Installed Programs ======================

.

Adobe Reader X (10.1.1) MUI

Apple Application Support

Apple Software Update

Best Buy pc app

Catalyst Control Center - Branding

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Cisco AnyConnect Secure Mobility Client

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Dell Getting Started Guide

Dell MusicStage

Dell PhotoStage

Dell Stage

Dell Stage Remote

Dell VideoStage

DirectX 9 Runtime

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

iExplorer 2.2.1.3

Intel® Rapid Storage Technology

Java Auto Updater

Java 6 Update 29

Junk Mail filter update

Malwarebytes Anti-Malware version 1.62.0.1300

McAfee Online Backup

McAfee Security Scan Plus

McAfee Total Protection

Mesh Runtime

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Home and Student 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Multimedia Card Reader

PhotoShowExpress

QuickTime

Realtek High Definition Audio Driver

Roxio Activation Module

Roxio BackOnTrack

Roxio Burn

Roxio Creator Starter

Roxio Express Labeler 3

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition

Skype Toolbars

Skype™ 4.2

Sonic CinePlayer Decoder Pack

THX TruStudio PC

TWC Customer Controls

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Yahoo! Detect

.

==== Event Viewer Messages From Past Week ========

.

7/25/2012 3:56:52 PM, Error: Service Control Manager [7023] - The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535

7/25/2012 3:56:52 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535

7/25/2012 3:56:52 PM, Error: Microsoft-Windows-PNRPSvc [102] - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.

7/25/2012 2:00:23 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

7/25/2012 12:57:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

7/25/2012 12:57:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

7/25/2012 12:57:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

7/25/2012 12:57:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

7/25/2012 12:57:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

7/25/2012 12:57:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

7/25/2012 12:57:43 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache mfehidk mfenlfk MOBKFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf

7/25/2012 12:57:43 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

7/25/2012 12:57:43 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

7/25/2012 12:57:43 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

7/25/2012 12:57:43 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

7/25/2012 12:57:43 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

7/25/2012 12:57:43 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

7/25/2012 12:57:43 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

7/25/2012 12:57:43 PM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.

7/25/2012 12:57:43 PM, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.

7/25/2012 12:57:43 PM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The dependency service or group failed to start.

7/25/2012 12:57:43 PM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.

7/25/2012 12:57:43 PM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.

7/25/2012 12:57:43 PM, Error: Service Control Manager [7001] - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.

7/25/2012 12:57:43 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

7/25/2012 12:57:43 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

7/25/2012 12:57:43 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

7/25/2012 12:57:00 PM, Error: Microsoft-Windows-Directory-Services-SAM [12291] - SAM failed to start the TCP/IP or SPX/IPX listening thread

7/25/2012 12:53:25 PM, Error: Service Control Manager [7023] - The Server service terminated with the following error: The service has not been started.

7/25/2012 12:53:22 PM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

7/25/2012 12:53:22 PM, Error: Service Control Manager [7038] - The netprofm service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

7/25/2012 12:53:22 PM, Error: Service Control Manager [7000] - The Network List Service service failed to start due to the following error: The service did not start due to a logon failure.

7/25/2012 12:53:22 PM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure.

7/25/2012 11:21:39 AM, Error: Service Control Manager [7038] - The PolicyAgent service was unable to log on as NT Authority\NetworkService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

7/25/2012 11:21:39 AM, Error: Service Control Manager [7000] - The IPsec Policy Agent service failed to start due to the following error: The service did not start due to a logon failure.

7/25/2012 1:01:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

.

==== End Of File ===========================

I also just found that when I try to open Windows Live Mail I get the error: "Initialization of RSS feed support failed. RSS feeds could not be updated".

Maniac · July 26, 2012

Hello jaabuck and :welcome: ! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
Make sure you read all of the instructions and fixes thoroughly before continuing with them.
Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

Please download unhide.exe from here and save it to your Desktop. Double-click on the Unhide.exe icon on your desktop and allow the program to run. This program will remove the +H, or hidden, attribute from all the files on your hard drives. If there are any files that were purposely hidden by you, you will need to hide them again after this tool is run. When Unhide is complete, it will create a logfile on the Windows Desktop called Unhide.txt .

Step 2

Launch Malwarebytes' Anti-Malware
Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
Go to Scanner tab and select Perform Quick Scan, then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

Step 3

Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

In your next reply, post the following log files:

unhide log
Malwarebytes' Anti-Malware log
aswMBR log

jaabuck · July 27, 2012

Thanks for the feedback. I wasn't concerned about data loss so I did a Dell factory image restore after an IT person friend suggested that would completey get rid of the virus. I've since read some stuff that indicates that might not be the case. Something about how if the virus was in the boot sector it could still be there. I also wondered if it could be in the area where the factory restore is restoring from...it has be be restoring from somewhere on my PC.

Thoughts? Is there any chance the virus still exists or is the factory restore completely eradicate it? I'm seriously considering buying a new PC.

Maniac · July 27, 2012

No, now your system should be clean. Malware prevention tips here:

http://forums.malwarebytes.org/index.php?showtopic=104379

screen317 · July 31, 2012

Are you still with us? This topic will be closed in a few days if we do not hear back from you.

Maurice Naggar · August 3, 2012

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Sign In

Problems after malware removal

Recommended Posts

jaabuck

Link to post

Share on other sites

Maniac

Link to post

Share on other sites

jaabuck

Link to post

Share on other sites

Maniac

Link to post

Share on other sites

screen317

Link to post

Share on other sites

Maurice Naggar

Link to post

Share on other sites

Recently Browsing 0 members

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information