
ErrorWiz rogue application fully cleared?



Hi friendly forum,

Your colleague pushed me towards this particular forum for this problem.

I just discovered that like a total dumbo I downloaded what turned out to be a fake app called ErrorWiz 2 weeks ago. I only worked this out when I started getting random IE advertising popups today. I downloaded Malwarebytes and it picked up and deleted ErrorWiz as a rogue app straight away. I have since re-scanned multiple times, all clear.

My questions are twofold:

1) Can I really trust that 1 quick removal from Malwarebytes has killed ErrorWiz going forward, and

2) I have read that ErrorWiz may lead to theft of personal details. It was on my computer for 2 weeks and I defo used credit cards etc. online during this time, so how can I tell if my details have been compromised? I have kept the offending files in Malwarebytes quarantine; can an administrator tell what potential damage has been caused from looking at them? Do they indicate whether keylogging or anything happened?

I have hopefully followed all the preparation instructions, so here is my DDS log; the other two should be attached...

What else do you need to kindly help me with my questions?

THANKS SO MUCH!!!!

DDS (Ver_10-11-27.01) - NTFS_AMD64

Run by Nick Smith at 8:50:13.83 on 03/12/2010

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.4029.2571 [GMT 0:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Essentials\MsMpEng.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\vds.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Program Files\Microsoft Security Essentials\msseces.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe

C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Cobian Backup 10\cbInterface.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Windows\system32\sppsvc.exe

C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\system32\wuauclt.exe

C:\Users\Nick Smith\Downloads\Defogger.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\Nick Smith\Downloads\dds.scr

C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m

mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [Cobian Backup 10 Interface] "C:\Program Files (x86)\Cobian Backup 10\cbInterface.exe" -service

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe

mRunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"

mRunOnce: [sTToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Trusted Zone: internet

Trusted Zone: mcafee.com

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

mRun-x64: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun-x64: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe

mRun-x64: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe

mRun-x64: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe

mRun-x64: [intelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray

mRun-x64: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

================= FIREFOX ===================

FF - ProfilePath - C:\Users\NICKSM~1\AppData\Roaming\Mozilla\Firefox\Profiles\3jxvvwkd.default\

FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-10-24 55280]

R0 stdflt;Disk Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdflt.sys [2010-10-24 18792]

R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-3-25 173984]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]

R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2010-9-21 89600]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-9-21 202752]

R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe [2010-12-2 67584]

R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-10-24 13336]

R2 InstallFilterService;FF Install Filter Service;C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2010-10-24 60928]

R2 rimspci;rimspci;C:\Windows\System32\drivers\rimspe64.sys [2010-9-21 60416]

R2 risdpcie;risdpcie;C:\Windows\System32\drivers\risdpe64.sys [2010-9-21 80896]

R2 rixdpcie;rixdpcie;C:\Windows\System32\drivers\rixdpe64.sys [2010-9-21 55808]

R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-10-24 689472]

R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-11-2 13784]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-24 2320920]

R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Acceler.sys [2010-9-21 23912]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2010-10-24 172704]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-9-21 56344]

R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2010-3-25 40832]

R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2009-9-15 6952960]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-9-21 239616]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-14 17920]

S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2010-7-27 339040]

S3 LVUVC64;Logitech Webcam 600(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2010-7-27 6465632]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 30969208]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2009-9-21 315664]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-10-29 1255736]

=============== Created Last 30 ================

2010-12-02 18:44:12 472808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

2010-12-02 16:34:02 -------- d-----w- C:\Program Files (x86)\Cobian Backup 10

2010-12-02 16:31:38 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2010-12-02 16:31:34 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2010-12-02 16:23:42 8199504 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{C1C9AF0A-704A-479E-8350-093688250E9F}\mpengine.dll

2010-12-02 12:16:47 -------- d-----w- C:\Users\NICKSM~1\AppData\Roaming\Malwarebytes

2010-12-02 12:16:43 -------- d-----w- C:\PROGRA~3\Malwarebytes

2010-12-02 12:16:40 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2010-11-26 01:27:01 -------- d-----w- C:\Program Files\iPod

2010-11-26 01:26:56 -------- d-----w- C:\Program Files\iTunes

2010-11-26 01:26:56 -------- d-----w- C:\Program Files (x86)\iTunes

2010-11-25 21:00:08 -------- d-----w- C:\Users\Nick Smith\My Backup Files

2010-11-23 22:14:43 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll

2010-11-23 22:14:43 7680 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll

2010-11-19 12:55:09 84992 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNBPP4.DLL

2010-11-19 11:27:37 8199504 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2010-11-16 21:55:23 270720 ------w- C:\Windows\System32\MpSigStub.exe

2010-11-16 21:51:03 -------- d-----w- C:\Program Files (x86)\Microsoft Antimalware

2010-11-16 21:51:00 -------- d-----w- C:\Program Files\Microsoft Security Essentials

2010-11-15 22:42:13 -------- d-----w- C:\PROGRA~3\Citrix

2010-11-15 22:33:34 -------- d-----w- C:\Program Files (x86)\Citrix

2010-11-15 22:33:27 -------- d-----w- C:\Users\NICKSM~1\AppData\Local\Citrix

2010-11-15 22:33:25 103784 ----a-w- C:\Users\Nick Smith\GoToAssistDownloadHelper.exe

2010-11-15 22:19:06 -------- d-----w- C:\Users\NICKSM~1\AppData\Roaming\McAfee

2010-11-11 19:50:38 -------- d--h--w- C:\Windows\PIF

2010-11-11 19:22:15 -------- d-----w- C:\Program Files (x86)\Acoustica Beatcraft

2010-11-06 22:28:32 -------- d-----w- C:\Users\NICKSM~1\AppData\Roaming\Spotify

2010-11-06 22:28:32 -------- d-----w- C:\Users\NICKSM~1\AppData\Local\Spotify

2010-11-06 22:28:30 -------- d-----w- C:\Program Files (x86)\Spotify

2010-11-05 10:02:41 -------- d-----w- C:\Users\NICKSM~1\AppData\Roaming\Macrovision

==================== Find3M ====================

2010-10-24 08:06:59 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2010-10-24 07:24:16 0 ----a-w- C:\Windows\ativpsrm.bin

2010-10-24 05:53:02 75 --sh--r- C:\Windows\CT4CET.bin

2010-10-24 05:31:07 455680 ----a-w- C:\Windows\System32\deployJava1.dll

2010-10-14 23:44:02 4280320 ----a-w- C:\Windows\SysWow64\GPhotos.scr

2010-09-15 04:50:37 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2010-09-10 05:35:44 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2010-09-10 05:35:43 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2010-09-08 10:17:46 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx

2010-09-08 10:17:46 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts

2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll

2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll

2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll

2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec

2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec

2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

============= FINISH: 8:50:54.96 ===============

Thanks!

ark.zip

Attach.zip

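The "Created Last 30" and "Find3M" sections of the DDS log above are what a helper reads against the poster's timeline (ErrorWiz installed roughly two weeks before the scan at 8:50:13 on 03/12/2010). The Python below is an added example, not part of this thread and not code from DDS or Malwarebytes: it parses those entry lines, lists what was created inside the suspected window and marks entries that merit a first look. The sample input is an excerpt copied from the log above; the 14-day window and the meaning of the attribute letters (d, s, h, a, r, w) are assumptions inferred from this log.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# Constructed excerpt: lines copied from the DDS log posted above (not the whole
# log), so the parser can run offline against realistic input.
SAMPLE_DDS = r"""
=============== Created Last 30 ================
2010-12-02 16:31:38 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-02 12:16:40 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-11-23 22:14:43 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2010-11-19 12:55:09 84992 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNBPP4.DLL
2010-11-15 22:33:25 103784 ----a-w- C:\Users\Nick Smith\GoToAssistDownloadHelper.exe
2010-11-11 19:50:38 -------- d--h--w- C:\Windows\PIF
==================== Find3M ====================
2010-10-24 05:53:02 75 --sh--r- C:\Windows\CT4CET.bin
2010-10-24 07:24:16 0 ----a-w- C:\Windows\ativpsrm.bin
============= FINISH: 8:50:54.96 ===============
"""

TS_FMT = "%Y-%m-%d %H:%M:%S"

# One DDS entry: timestamp, size ('--------' for a directory), an 8-character
# attribute field, then the path.
ENTRY_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\d+|-{8})\s+"
    r"(?P<attrs>[a-z-]{8})\s+"
    r"(?P<path>\S.*)$"
)

# Extensions treated as executable content when they appear under a user profile.
EXECUTABLE_EXT = (".exe", ".scr", ".dll", ".sys", ".com", ".bat", ".cmd", ".pif")


@dataclass
class FileEntry:
    created: datetime
    size: Optional[int]  # None for directories
    attrs: str           # attribute field exactly as DDS printed it
    path: str

    # Flag letters inferred from the entries in this log (assumption):
    # 'd' directory, 's' system, 'h' hidden, 'a' archive, 'r' read-only, 'w' writable.
    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def is_hidden(self) -> bool:
        return "h" in self.attrs

    @property
    def is_system(self) -> bool:
        return "s" in self.attrs


def parse_entries(text: str) -> List[FileEntry]:
    """Pull every file entry out of the Created Last 30 / Find3M sections."""
    entries: List[FileEntry] = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # section banners, blank lines, FINISH line
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(FileEntry(datetime.strptime(m["ts"], TS_FMT), size,
                                 m["attrs"], m["path"]))
    return entries


def review_reasons(entry: FileEntry) -> List[str]:
    """Triage heuristics, not verdicts: why an analyst would open this entry first.
    Every hit still has to be checked against its publisher and hash."""
    reasons = []
    low = entry.path.lower()
    if not entry.is_dir and (entry.is_hidden or entry.is_system):
        reasons.append("hidden/system attribute on a regular file")
    if low.startswith("c:\\users\\") and low.endswith(EXECUTABLE_EXT):
        reasons.append("executable written under a user profile")
    return reasons


def triage(text: str, scan_timestamp: str, days_before: int = 14) -> Dict[str, object]:
    """Entries created inside the suspected infection window (scan time minus
    days_before, the poster's 'about 2 weeks') plus entries with a review reason."""
    end = datetime.strptime(scan_timestamp, TS_FMT)
    start = end - timedelta(days=days_before)
    entries = parse_entries(text)
    return {
        "window": (start.strftime(TS_FMT), end.strftime(TS_FMT)),
        "in_window": [e.path for e in entries if start <= e.created <= end],
        "review": {e.path: review_reasons(e) for e in entries if review_reasons(e)},
    }


if __name__ == "__main__":
    # The DDS header above gives the scan time as 8:50:13 on 03/12/2010 (dd/mm/yyyy).
    report = triage(SAMPLE_DDS, "2010-12-03 08:50:13")
    for path, why in report["review"].items():
        print(path, "->", "; ".join(why))
```

A hit from review_reasons only narrows the list to check; the Malwarebytes driver created on 2010-12-02 falls inside the window and is benign, which is why the window and the attribute heuristics are reported separately.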

Hello, and welcome. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.

  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.

Use 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.

Link 1
Link 2
Link 3

  • Double-click on MBRCheck.exe to run it. Vista/Windows 7 users right-click and select Run As Administrator.
  • It will open a black screen with some data on it...please do not fix anything (if it gives you an option).
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will be created on the desktop.
  • Copy and paste the contents of that log in your next reply.


Hi Elise, here are the 3 new logs you wanted. Do you need me to re-do the original logs that the general advice asks you to do, the Attach one etc.? Let me know if I have done any of this wrong!!!

OTL Text log:

OTL logfile created on: 12/8/2010 5:15:53 PM - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Nick Smith\Downloads

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free

8.00 Gb Paging File | 6.00 Gb Available in Paging File | 77.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 451.07 Gb Total Space | 416.49 Gb Free Space | 92.33% Space Free | Partition Type: NTFS

Computer Name: NICKSMITH-PC | User Name: Nick Smith | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/08 17:15:40 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Nick Smith\Downloads\OTL.exe

PRC - [2010/10/27 06:13:43 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2010/09/23 16:46:16 | 003,154,432 | ---- | M] (Luis Cobian, CobianSoft) -- C:\Program Files (x86)\Cobian Backup 10\cbInterface.exe

PRC - [2010/09/02 22:17:40 | 001,853,248 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe

PRC - [2010/08/20 20:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe

PRC - [2010/07/21 16:36:02 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe

PRC - [2010/03/04 01:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2010/03/04 01:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

PRC - [2010/02/09 18:34:00 | 001,807,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe

PRC - [2009/10/15 08:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe

PRC - [2009/10/01 01:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

PRC - [2009/10/01 01:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2009/07/22 13:52:12 | 002,384,896 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe

PRC - [2009/06/24 21:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

PRC - [2009/06/09 14:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe

PRC - [2009/05/21 13:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe

PRC - [2009/05/21 13:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe

========== Modules (SafeList) ==========

MOD - [2010/12/08 17:15:40 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Nick Smith\Downloads\OTL.exe

MOD - [2010/08/21 05:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/03/25 23:48:42 | 000,017,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)

SRV:64bit: - [2010/01/21 09:10:00 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\stacsv64.exe -- (STacSV)

SRV:64bit: - [2009/11/18 18:45:40 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2009/11/02 17:48:18 | 000,126,352 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)

SRV:64bit: - [2009/09/21 20:24:40 | 001,420,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)

SRV:64bit: - [2009/09/21 20:03:06 | 000,315,664 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)

SRV:64bit: - [2009/09/21 20:00:44 | 000,831,760 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)

SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/06/09 14:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)

SRV:64bit: - [2009/03/03 07:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe -- (AESTFilters)

SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2010/09/23 09:49:08 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) [Auto | Running] -- C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe -- (cbVSCService)

SRV - [2010/08/20 20:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)

SRV - [2010/03/04 01:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®

SRV - [2009/10/01 01:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®

SRV - [2009/10/01 01:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®

SRV - [2009/06/23 21:02:42 | 000,060,928 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe -- (InstallFilterService)

SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/05/21 13:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/07/27 08:14:24 | 006,465,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech Webcam 600(UVC)

DRV:64bit: - [2010/07/27 08:12:16 | 000,339,040 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)

DRV:64bit: - [2010/03/03 23:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2010/01/21 09:10:00 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)

DRV:64bit: - [2009/11/18 19:21:20 | 006,171,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2009/11/02 17:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)

DRV:64bit: - [2009/09/30 14:34:32 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)

DRV:64bit: - [2009/09/17 17:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®

DRV:64bit: - [2009/09/15 16:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel®

DRV:64bit: - [2009/08/24 16:20:22 | 000,285,744 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2009/08/21 05:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2009/07/24 19:13:02 | 000,023,912 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Acceler.sys -- (Acceler)

DRV:64bit: - [2009/07/23 17:57:48 | 000,018,792 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdflt.sys -- (stdflt)

DRV:64bit: - [2009/07/14 01:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2009/07/14 01:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/14 01:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/09 08:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2009/07/05 00:27:02 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)

DRV:64bit: - [2009/07/02 13:54:52 | 000,060,416 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)

DRV:64bit: - [2009/07/01 23:31:58 | 000,080,896 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie)

DRV:64bit: - [2009/06/25 22:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)

DRV:64bit: - [2009/06/25 21:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)

DRV:64bit: - [2009/06/25 21:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)

DRV:64bit: - [2009/06/15 18:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)

DRV:64bit: - [2009/06/10 20:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)

DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2006/11/01 17:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1931916957-2266683532-3935516287-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/2

IE - HKU\S-1-5-21-1931916957-2266683532-3935516287-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/USCON/2

IE - HKU\S-1-5-21-1931916957-2266683532-3935516287-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKU\S-1-5-21-1931916957-2266683532-3935516287-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1931916957-2266683532-3935516287-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/11/16 21:48:17 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/12/02 18:44:12 | 000,000,000 | ---D | M]

[2010/10/29 07:27:08 | 000,000,000 | ---D | M] -- C:\Users\Nick Smith\AppData\Roaming\Mozilla\Extensions

[2010/12/08 17:15:28 | 000,000,000 | ---D | M] -- C:\Users\Nick Smith\AppData\Roaming\Mozilla\Firefox\Profiles\3jxvvwkd.default\extensions

[2010/12/03 15:05:27 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Nick Smith\AppData\Roaming\Mozilla\Firefox\Profiles\3jxvvwkd.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2010/12/03 15:04:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2010/12/03 15:04:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2010/12/03 15:04:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

[2010/10/27 05:24:34 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml

[2010/10/27 05:24:34 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml

[2010/10/27 05:24:34 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml

[2010/10/27 05:24:34 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe ()

O4:64bit: - HKLM..\Run: [intelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)

O4:64bit: - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)

O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)

O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)

O4 - HKLM..\Run: [Cobian Backup 10 Interface] C:\Program Files (x86)\Cobian Backup 10\cbInterface.exe (Luis Cobian, CobianSoft)

O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()

O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)

O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()

O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKLM..\Run: [startCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell)

O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks)

O4 - HKLM..\RunOnce: [sTToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\ToasterLauncher.exe ()

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found

O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found

O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)

O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-1931916957-2266683532-3935516287-1001\..Trusted Domains: internet ([]about in Trusted sites)

O15 - HKU\S-1-5-21-1931916957-2266683532-3935516287-1001\..Trusted Domains: mcafee.com ([]http in Trusted sites)

O15 - HKU\S-1-5-21-1931916957-2266683532-3935516287-1001\..Trusted Domains: mcafee.com ([]https in Trusted sites)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/03 15:05:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2010/12/03 11:36:17 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure

[2010/12/03 10:43:53 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

[2010/12/02 16:34:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cobian Backup 10

[2010/12/02 16:31:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2010/12/02 16:31:34 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2010/12/02 12:16:47 | 000,000,000 | ---D | C] -- C:\Users\Nick Smith\AppData\Roaming\Malwarebytes

[2010/12/02 12:16:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010/12/02 12:16:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2010/12/01 21:29:58 | 000,000,000 | ---D | C] -- C:\Windows\Sun

[2010/11/26 01:27:01 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2010/11/26 01:26:56 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2010/11/26 01:26:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes

[2010/11/26 01:23:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safari

[2010/11/25 21:00:08 | 000,000,000 | ---D | C] -- C:\Users\Nick Smith\My Backup Files

[2010/11/19 12:55:13 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ

[2010/11/16 21:51:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Antimalware

[2010/11/16 21:51:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials

[2010/11/15 22:42:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Citrix

[2010/11/15 22:33:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Citrix

[2010/11/15 22:33:27 | 000,000,000 | ---D | C] -- C:\Users\Nick Smith\AppData\Local\Citrix

[2010/11/15 22:19:06 | 000,000,000 | ---D | C] -- C:\Users\Nick Smith\AppData\Roaming\McAfee

[2010/11/14 10:14:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\logishrd

[2010/11/14 10:14:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\logishrd

[2010/11/14 08:43:52 | 000,000,000 | ---D | C] -- C:\Users\Nick Smith\AppData\Roaming\skypePM

[2010/11/14 08:41:36 | 000,000,000 | ---D | C] -- C:\Users\Nick Smith\AppData\Roaming\Skype

[2010/11/11 19:50:38 | 000,000,000 | -H-D | C] -- C:\Windows\PIF

[2010/11/11 19:22:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acoustica Beatcraft

========== Files - Modified Within 30 Days ==========

[2010/12/08 17:12:08 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2010/12/08 17:12:08 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2010/12/08 17:09:16 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2010/12/08 17:09:16 | 000,619,642 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2010/12/08 17:09:16 | 000,107,792 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2010/12/08 17:04:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/12/08 17:04:47 | 3168,165,888 | -HS- | M] () -- C:\hiberfil.sys

[2010/12/03 16:00:05 | 000,000,424 | ---- | M] () -- C:\Windows\tasks\vtscheduletask.job

[2010/12/03 15:23:02 | 000,161,280 | ---- | M] () -- C:\Users\Nick Smith\Documents\Torchwood proposal v1.ppt

[2010/12/03 10:43:51 | 500,797,646 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2010/12/03 09:47:56 | 000,000,312 | ---- | M] () -- C:\Users\Nick Smith\Desktop\ark.zip

[2010/12/03 08:53:25 | 000,003,554 | ---- | M] () -- C:\Users\Nick Smith\Desktop\Attach.zip

[2010/12/03 08:49:27 | 000,000,000 | ---- | M] () -- C:\Users\Nick Smith\defogger_reenable

[2010/12/02 16:31:39 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/12/02 10:10:42 | 000,014,891 | ---- | M] () -- C:\Users\Nick Smith\Documents\Potential questions for call.docx

[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2010/11/29 17:42:06 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2010/11/26 01:27:33 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2010/11/26 01:23:46 | 000,002,515 | ---- | M] () -- C:\Users\Nick Smith\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk

[2010/11/26 01:23:46 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk

[2010/11/26 00:41:50 | 000,017,010 | ---- | M] () -- C:\Users\Nick Smith\Documents\weetabix quick brief.docx

[2010/11/19 13:36:11 | 000,443,701 | ---- | M] () -- C:\Users\Nick Smith\Documents\Theme pro forma.pptx

[2010/11/19 13:34:20 | 003,030,016 | ---- | M] () -- C:\Users\Nick Smith\Documents\BDI presentation.ppt

[2010/11/19 12:54:43 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf

[2010/11/16 22:09:25 | 000,001,009 | ---- | M] () -- C:\Users\Nick Smith\Desktop\Beatcraft.lnk

[2010/11/16 21:51:00 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk

[2010/11/15 22:33:26 | 000,103,784 | ---- | M] () -- C:\Users\Nick Smith\GoToAssistDownloadHelper.exe

[2010/11/15 22:19:06 | 000,002,158 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Virtual Technician.lnk

[2010/11/14 10:14:20 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs

[2010/11/14 08:43:52 | 000,000,048 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat

[2010/11/12 14:25:14 | 000,413,936 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2010/11/09 19:43:19 | 001,904,007 | ---- | M] () -- C:\Users\Nick Smith\Documents\maps.pptx

========== Files Created - No Company Name ==========

[2010/12/03 15:22:49 | 000,161,280 | ---- | C] () -- C:\Users\Nick Smith\Documents\Torchwood proposal v1.ppt

[2010/12/03 10:43:51 | 500,797,646 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2010/12/03 09:47:56 | 000,000,312 | ---- | C] () -- C:\Users\Nick Smith\Desktop\ark.zip

[2010/12/03 08:53:25 | 000,003,554 | ---- | C] () -- C:\Users\Nick Smith\Desktop\Attach.zip

[2010/12/03 08:49:27 | 000,000,000 | ---- | C] () -- C:\Users\Nick Smith\defogger_reenable

[2010/12/02 16:31:39 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/12/02 09:54:01 | 000,014,891 | ---- | C] () -- C:\Users\Nick Smith\Documents\Potential questions for call.docx

[2010/11/26 01:27:33 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2010/11/26 01:23:46 | 000,002,515 | ---- | C] () -- C:\Users\Nick Smith\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk

[2010/11/26 01:23:46 | 000,002,491 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk

[2010/11/26 00:27:04 | 000,017,010 | ---- | C] () -- C:\Users\Nick Smith\Documents\weetabix quick brief.docx

[2010/11/19 13:34:18 | 003,030,016 | ---- | C] () -- C:\Users\Nick Smith\Documents\BDI presentation.ppt

[2010/11/19 13:10:15 | 000,443,701 | ---- | C] () -- C:\Users\Nick Smith\Documents\Theme pro forma.pptx

[2010/11/19 12:54:43 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf

[2010/11/16 22:09:25 | 000,001,009 | ---- | C] () -- C:\Users\Nick Smith\Desktop\Beatcraft.lnk

[2010/11/16 21:51:00 | 000,001,033 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk

[2010/11/15 22:33:25 | 000,103,784 | ---- | C] () -- C:\Users\Nick Smith\GoToAssistDownloadHelper.exe

[2010/11/15 22:19:06 | 000,002,158 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Virtual Technician.lnk

[2010/11/15 22:19:06 | 000,000,424 | ---- | C] () -- C:\Windows\tasks\vtscheduletask.job

[2010/11/14 10:14:20 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\drivers\lvuvc.hs

[2010/11/14 08:43:52 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2010/11/11 19:42:58 | 000,000,000 | ---- | C] () -- C:\Windows\wmsysprx.prx

[2010/11/09 19:43:18 | 001,904,007 | ---- | C] () -- C:\Users\Nick Smith\Documents\maps.pptx

[2010/07/27 08:03:20 | 010,829,656 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll

[2010/07/27 08:03:18 | 000,290,648 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll

[2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009/07/13 21:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/10/31 17:25:53 | 000,000,000 | ---D | M] -- C:\Users\Nick Smith\AppData\Roaming\Acoustica

[2010/12/03 16:30:04 | 000,000,000 | ---D | M] -- C:\Users\Nick Smith\AppData\Roaming\Spotify

[2010/10/31 17:43:49 | 000,000,000 | ---D | M] -- C:\Users\Nick Smith\AppData\Roaming\SynthMaker

[2009/07/14 05:08:49 | 000,015,770 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2010/12/03 16:00:05 | 000,000,424 | ---- | M] () -- C:\Windows\Tasks\vtscheduletask.job

========== Purity Check ==========

< End of report >

EXTRAS.TXT ONE:

OTL Extras logfile created on: 12/8/2010 5:15:53 PM - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Nick Smith\Downloads

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free

8.00 Gb Paging File | 6.00 Gb Available in Paging File | 77.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 451.07 Gb Total Space | 416.49 Gb Free Space | 92.33% Space Free | Partition Type: NTFS

Computer Name: NICKSMITH-PC | User Name: Nick Smith | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1931916957-2266683532-3935516287-1001\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %* File not found

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

exefile [open] -- "%1" %* File not found

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel® Turbo Boost Technology Monitor

"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour

"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64

"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer

"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010

"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010

"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95C9C76F-ECF3-40FA-94F8-5DDFB6BAF40D}" = Microsoft Security Essentials

"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support

"{AE124EE9-EF32-69C5-60F9-FFA0FFF7F9B1}" = ccc-utility64

"{B6EFD9A5-2ECE-4C22-BAEC-D16E73EA2013}" = iTunes

"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock

"{CCAFF072-4DDB-4846-963D-15F02A8E9472}" = Intel® PROSet/Wireless WiFi Software

"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware

"{EF5948BA-589D-4BE7-B993-C45DC1A77E24}" = MobileMe Control Panel

"Microsoft Security Essentials" = Microsoft Security Essentials

"ProInst" = Intel PROSet Wireless

"SynTPDeinstKey" = Dell Touchpad

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable

"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center

"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup

"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online

"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer

"{1DC7DFF9-2180-0E7E-DB49-817280EE4E93}" = Catalyst Control Center Graphics Light

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java 6 Update 22

"{27B94460-B1A6-BE42-D92A-4FCDCF4A719F}" = CCC Help German

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology

"{40F4FF7A-B214-4453-B973-080B09CED019}" = LoJack Factory Installer

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{47BC5D36-B837-B2A8-FB46-F6EC602A7F9C}" = Catalyst Control Center Graphics Previews Common

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4B8C6616-F310-60D3-71FD-057C16DB3E8A}" = CCC Help Finnish

"{5FEF1894-CF67-B16C-11B6-5818358B3FC9}" = CCC Help Russian

"{60E9E76A-FB31-67CB-8071-A1D38A499A86}" = CCC Help French

"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator

"{6869DEA9-8FA6-E3E0-05B6-8187FEB71D52}" = Skins

"{69533745-1E2D-4C98-8B4A-B7643EF9E1A2}" = Catalyst Control Center - Branding

"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari

"{6ED86F6F-7130-48F5-2AF7-5D693098057F}" = CCC Help Norwegian

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide

"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials

"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync

"{87434D51-51DB-4109-B68F-A829ECDCF380}" = Accelerometer

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010

"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010

"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars

"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar

"{9B9F49A2-6791-761F-6077-22977B0FD03D}" = CCC Help Dutch

"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack

"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn

"{A697D62C-643B-5315-204B-D43055A86649}" = CCC Help Swedish

"{A6B483B0-E8E8-0EE1-D678-FEEBDF27FE15}" = Catalyst Control Center Localization All

"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger

"{A9316AC7-CAB2-C29B-F8B6-6239817B1B45}" = CCC Help Chinese Standard

"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software

"{AFF254B3-ABBC-15E7-200E-FABF74314C13}" = ccc-core-static

"{B27E389B-AE9B-BEB6-8FCF-BA293F884C70}" = CCC Help Japanese

"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn

"{B5AB153E-59F3-AB56-F8A7-43E531368327}" = Catalyst Control Center Graphics Full New

"{BA214394-CDD8-BB3C-3FCC-8294C9A02ACA}" = CCC Help Chinese Traditional

"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)

"{BF8DC895-9CC3-E284-6ADF-67077E3FBCA2}" = CCC Help Danish

"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update

"{D0016802-8E49-0DED-0B9C-F8946945998F}" = Catalyst Control Center Graphics Full Existing

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype


Hi again, no, those logs are quite okay. :)

COMBOFIX

---------------

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.


Elise, one last thing...

Malwarebytes picked up the original ErrorWiz issue. Since then my online bank, as part of their protocol, asked me to scan my system with F-Secure, which I did. It picked up an exploit.pdf virus which it then removed. Since then I have full scanned with Microsoft Security Essentials, Malwarebytes and F-Secure, all clean, but I want to make sure I am not exposed as ErrorWiz was in my system for a whole 2 weeks or so.

Thanks for your help I appreciate it!


OK here's the combofix log. It never asked me about downloading that Microsoft thingy - presume I have it already! I have turned realtime virus protection back on now hope that was the right thing to do.

thanks

N

ComboFix 10-12-07.06 - Nick Smith 08/12/2010 17:31:41.1.8 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.4029.2447 [GMT 0:00]

Running from: c:\users\Nick Smith\Desktop\ComboFix.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\users\Nick Smith\GoToAssistDownloadHelper.exe

.

((((((((((((((((((((((((( Files Created from 2010-11-08 to 2010-12-08 )))))))))))))))))))))))))))))))

.

2010-12-08 17:34 . 2010-12-08 17:34 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-12-08 17:15 . 2010-11-10 05:35 8199504 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{570F194B-B7DA-4504-BF56-9DE2F342DC1D}\mpengine.dll

2010-12-03 15:05 . 2010-12-03 15:05 -------- d-----w- c:\program files (x86)\Common Files\Java

2010-12-03 11:36 . 2010-12-03 11:36 -------- d-----w- c:\programdata\F-Secure

2010-12-02 18:44 . 2010-12-03 15:04 472808 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

2010-12-02 17:07 . 2010-12-02 17:12 -------- d-----w- c:\users\TEMP

2010-12-02 16:34 . 2010-12-02 16:34 -------- d-----w- c:\program files (x86)\Cobian Backup 10

2010-12-02 16:31 . 2010-11-29 17:42 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2010-12-02 16:31 . 2010-11-29 17:42 24152 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-12-02 12:16 . 2010-12-02 12:16 -------- d-----w- c:\users\Nick Smith\AppData\Roaming\Malwarebytes

2010-12-02 12:16 . 2010-12-02 12:16 -------- d-----w- c:\programdata\Malwarebytes

2010-12-02 12:16 . 2010-12-02 16:31 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2010-12-01 21:29 . 2010-12-01 21:29 -------- d-----w- c:\windows\Sun

2010-11-26 01:27 . 2010-11-26 01:27 -------- d-----w- c:\program files\iPod

2010-11-26 01:26 . 2010-11-26 01:27 -------- d-----w- c:\program files\iTunes

2010-11-26 01:26 . 2010-11-26 01:27 -------- d-----w- c:\program files (x86)\iTunes

2010-11-26 01:23 . 2010-11-26 01:23 -------- d-----w- c:\program files (x86)\Safari

2010-11-25 21:00 . 2010-11-25 21:00 -------- d-----w- c:\users\Nick Smith\My Backup Files

2010-11-23 22:14 . 2010-10-19 08:47 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll

2010-11-23 22:14 . 2010-10-19 08:10 7680 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll

2010-11-19 12:55 . 2010-11-19 12:55 -------- d--h--w- c:\programdata\CanonBJ

2010-11-19 12:55 . 2009-07-14 01:40 84992 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNBPP4.DLL

2010-11-19 11:27 . 2010-11-10 05:35 8199504 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2010-11-16 21:55 . 2010-10-19 20:51 270720 ------w- c:\windows\system32\MpSigStub.exe

2010-11-16 21:51 . 2010-11-16 21:51 -------- d-----w- c:\program files (x86)\Microsoft Antimalware

2010-11-16 21:51 . 2010-11-16 21:51 -------- d-----w- c:\program files\Microsoft Security Essentials

2010-11-15 22:42 . 2010-11-15 22:42 -------- d-----w- c:\programdata\Citrix

2010-11-15 22:33 . 2010-11-15 22:33 -------- d-----w- c:\program files (x86)\Citrix

2010-11-15 22:33 . 2010-11-15 22:33 -------- d-----w- c:\users\Nick Smith\AppData\Local\Citrix

2010-11-15 22:19 . 2010-11-15 22:19 -------- d-----w- c:\users\Nick Smith\AppData\Roaming\McAfee

2010-11-14 10:14 . 2010-11-14 10:14 -------- d-----w- c:\program files (x86)\Common Files\logishrd

2010-11-14 10:14 . 2010-11-14 10:14 -------- d-----w- c:\program files\Common Files\logishrd

2010-11-14 08:43 . 2010-11-14 08:43 -------- d-----w- c:\users\Nick Smith\AppData\Roaming\skypePM

2010-11-14 08:41 . 2010-11-14 11:16 -------- d-----w- c:\users\Nick Smith\AppData\Roaming\Skype

2010-11-11 19:50 . 2010-11-11 19:50 -------- d--h--w- c:\windows\PIF

2010-11-11 19:22 . 2010-11-16 22:09 -------- d-----w- c:\program files (x86)\Acoustica Beatcraft

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-12-03 15:04 . 2010-10-24 05:30 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2010-10-24 08:07 . 2010-10-24 08:07 51712 ----a-w- c:\windows\system32\drivers\usbehci.sys

2010-10-24 08:07 . 2010-10-24 08:07 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys

2010-10-24 08:07 . 2010-10-24 08:07 286720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2010-10-24 08:07 . 2010-10-24 08:07 243712 ----a-w- c:\windows\system32\drivers\ks.sys

2010-10-24 08:07 . 2010-10-24 08:07 184832 ----a-w- c:\windows\system32\drivers\usbvideo.sys

2010-10-24 08:07 . 2010-10-24 08:07 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2010-10-24 08:07 . 2010-10-24 08:07 125952 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2010-10-24 08:07 . 2010-10-24 08:07 70656 ----a-w- c:\windows\SysWow64\fontsub.dll

2010-10-24 08:07 . 2010-10-24 08:07 46080 ----a-w- c:\windows\system32\atmlib.dll

2010-10-24 08:07 . 2010-10-24 08:07 366080 ----a-w- c:\windows\system32\atmfd.dll

2010-10-24 08:07 . 2010-10-24 08:07 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2010-10-24 08:07 . 2010-10-24 08:07 293888 ----a-w- c:\windows\SysWow64\atmfd.dll

2010-10-24 08:07 . 2010-10-24 08:07 1896832 ----a-w- c:\windows\system32\drivers\tcpip.sys

2010-10-24 08:07 . 2010-10-24 08:07 100864 ----a-w- c:\windows\system32\fontsub.dll

2010-10-24 08:07 . 2010-10-24 08:07 91648 ----a-w- c:\windows\SysWow64\avifil32.dll

2010-10-24 08:07 . 2010-10-24 08:07 84480 ----a-w- c:\windows\SysWow64\mciavi32.dll

2010-10-24 08:07 . 2010-10-24 08:07 7680 ----a-w- c:\windows\SysWow64\instnm.exe

2010-10-24 08:07 . 2010-10-24 08:07 54272 ----a-w- c:\windows\system32\iyuv_32.dll

2010-10-24 08:07 . 2010-10-24 08:07 5120 ----a-w- c:\windows\SysWow64\wow32.dll

2010-10-24 08:07 . 2010-10-24 08:07 50176 ----a-w- c:\windows\SysWow64\iyuv_32.dll

2010-10-24 08:07 . 2010-10-24 08:07 46592 ----a-w- c:\windows\system32\msasn1.dll

2010-10-24 08:07 . 2010-10-24 08:07 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2010-10-24 08:07 . 2010-10-24 08:07 38912 ----a-w- c:\windows\system32\msvidc32.dll

2010-10-24 08:07 . 2010-10-24 08:07 34816 ----a-w- c:\windows\SysWow64\msasn1.dll

2010-10-24 08:07 . 2010-10-24 08:07 31744 ----a-w- c:\windows\SysWow64\msvidc32.dll

2010-10-24 08:07 . 2010-10-24 08:07 311808 ----a-w- c:\windows\system32\msv1_0.dll

2010-10-24 08:07 . 2010-10-24 08:07 257024 ----a-w- c:\windows\SysWow64\msv1_0.dll

2010-10-24 08:07 . 2010-10-24 08:07 25600 ----a-w- c:\windows\SysWow64\setup16.exe

2010-10-24 08:07 . 2010-10-24 08:07 25088 ----a-w- c:\windows\system32\msyuv.dll

2010-10-24 08:07 . 2010-10-24 08:07 243200 ----a-w- c:\windows\system32\wow64.dll

2010-10-24 08:07 . 2010-10-24 08:07 22016 ----a-w- c:\windows\SysWow64\msyuv.dll

2010-10-24 08:07 . 2010-10-24 08:07 2048 ----a-w- c:\windows\SysWow64\user.exe

2010-10-24 08:07 . 2010-10-24 08:07 16384 ----a-w- c:\windows\system32\msrle32.dll

2010-10-24 08:07 . 2010-10-24 08:07 1572352 ----a-w- c:\windows\system32\quartz.dll

2010-10-24 08:07 . 2010-10-24 08:07 14848 ----a-w- c:\windows\system32\tsbyuv.dll

2010-10-24 08:07 . 2010-10-24 08:07 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll

2010-10-24 08:07 . 2010-10-24 08:07 13312 ----a-w- c:\windows\SysWow64\msrle32.dll

2010-10-24 08:07 . 2010-10-24 08:07 1328640 ----a-w- c:\windows\SysWow64\quartz.dll

2010-10-24 08:07 . 2010-10-24 08:07 12288 ----a-w- c:\windows\SysWow64\tsbyuv.dll

2010-10-24 08:07 . 2010-10-24 08:07 82944 ----a-w- c:\windows\SysWow64\iccvid.dll

2010-10-24 08:07 . 2010-10-24 08:07 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-10-24 08:07 . 2010-10-24 08:07 3955080 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2010-10-24 08:07 . 2010-10-24 08:07 3899784 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2010-10-24 08:07 . 2010-10-24 08:07 389632 ----a-w- c:\windows\system32\winlogon.exe

2010-10-24 08:07 . 2010-10-24 08:07 2870272 ----a-w- c:\windows\explorer.exe

2010-10-24 08:07 . 2010-10-24 08:07 2614272 ----a-w- c:\windows\SysWow64\explorer.exe

2010-10-24 08:06 . 2010-10-24 08:06 96768 ----a-w- c:\windows\SysWow64\sspicli.dll

2010-10-24 08:06 . 2010-10-24 08:06 22016 ----a-w- c:\windows\SysWow64\secur32.dll

2010-10-24 08:06 . 2010-10-24 08:06 153160 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2010-10-24 08:06 . 2010-10-24 08:06 1446912 ----a-w- c:\windows\system32\lsasrv.dll

2010-10-24 08:06 . 2010-10-24 08:06 982600 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2010-10-24 08:06 . 2010-10-24 08:06 612352 ----a-w- c:\windows\system32\vbscript.dll

2010-10-24 08:06 . 2010-10-24 08:06 427520 ----a-w- c:\windows\SysWow64\vbscript.dll

2010-10-24 08:06 . 2010-10-24 08:06 144384 ----a-w- c:\windows\system32\cdd.dll

2010-10-24 08:06 . 2010-10-24 08:06 228864 ----a-w- c:\windows\system32\drivers\1394ohci.sys

2010-10-24 08:06 . 2010-10-24 08:06 613888 ----a-w- c:\windows\system32\psisdecd.dll

2010-10-24 08:06 . 2010-10-24 08:06 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll

2010-10-24 08:06 . 2010-10-24 08:06 85504 ----a-w- c:\windows\SysWow64\secproc_ssp_isv.dll

2010-10-24 08:06 . 2010-10-24 08:06 85504 ----a-w- c:\windows\SysWow64\secproc_ssp.dll

2010-10-24 08:06 . 2010-10-24 08:06 424960 ----a-w- c:\windows\system32\secproc.dll

2010-10-24 08:06 . 2010-10-24 08:06 422912 ----a-w- c:\windows\system32\secproc_isv.dll

2010-10-24 08:06 . 2010-10-24 08:06 369152 ----a-w- c:\windows\SysWow64\secproc.dll

2010-10-24 08:06 . 2010-10-24 08:06 365568 ----a-w- c:\windows\SysWow64\secproc_isv.dll

2010-10-24 08:06 . 2010-10-24 08:06 357888 ----a-w- c:\windows\system32\RMActivate_isv.exe

2010-10-24 08:06 . 2010-10-24 08:06 356352 ----a-w- c:\windows\system32\RMActivate.exe

2010-10-24 08:06 . 2010-10-24 08:06 324608 ----a-w- c:\windows\SysWow64\RMActivate_isv.exe

2010-10-24 08:06 . 2010-10-24 08:06 320512 ----a-w- c:\windows\SysWow64\RMActivate.exe

2010-10-24 08:06 . 2010-10-24 08:06 306688 ----a-w- c:\windows\system32\RMActivate_ssp.exe

2010-10-24 08:06 . 2010-10-24 08:06 305152 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe

2010-10-24 08:06 . 2010-10-24 08:06 280064 ----a-w- c:\windows\SysWow64\RMActivate_ssp.exe

2010-10-24 08:06 . 2010-10-24 08:06 277504 ----a-w- c:\windows\SysWow64\RMActivate_ssp_isv.exe

2010-10-24 08:06 . 2010-10-24 08:06 1736608 ----a-w- c:\windows\system32\ntdll.dll

2010-10-24 08:06 . 2010-10-24 08:06 1289528 ----a-w- c:\windows\SysWow64\ntdll.dll

2010-10-24 08:06 . 2010-10-24 08:06 121856 ----a-w- c:\windows\system32\secproc_ssp_isv.dll

2010-10-24 08:06 . 2010-10-24 08:06 121856 ----a-w- c:\windows\system32\secproc_ssp.dll

2010-10-24 08:06 . 2010-10-24 08:06 976896 ----a-w- c:\windows\system32\inetcomm.dll

2010-10-24 08:06 . 2010-10-24 08:06 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll

2010-10-24 08:06 . 2010-10-24 08:06 52224 ----a-w- c:\windows\system32\rtutils.dll

2010-10-24 08:06 . 2010-10-24 08:06 37376 ----a-w- c:\windows\SysWow64\rtutils.dll

2010-10-24 08:06 . 2010-10-24 08:06 1975296 ----a-w- c:\windows\system32\CertEnroll.dll

2010-10-24 08:06 . 2010-10-24 08:06 14336 ----a-w- c:\windows\system32\drivers\sffp_sd.sys

2010-10-24 08:06 . 2010-10-24 08:06 1320960 ----a-w- c:\windows\SysWow64\CertEnroll.dll

2010-10-24 08:06 . 2010-10-24 08:06 84992 ----a-w- c:\windows\system32\asycfilt.dll

2010-10-24 08:06 . 2010-10-24 08:06 67584 ----a-w- c:\windows\SysWow64\asycfilt.dll

2010-10-24 08:06 . 2010-10-24 08:06 220672 ----a-w- c:\windows\system32\wintrust.dll

2010-10-24 08:06 . 2010-10-24 08:06 172032 ----a-w- c:\windows\SysWow64\wintrust.dll

2010-10-24 08:06 . 2010-10-24 08:06 139264 ----a-w- c:\windows\system32\cabview.dll

2010-10-24 08:06 . 2010-10-24 08:06 132608 ----a-w- c:\windows\SysWow64\cabview.dll

2010-10-24 08:06 . 2010-10-24 08:06 1877504 ----a-w- c:\windows\system32\msxml3.dll

2010-10-24 08:06 . 2010-10-24 08:06 1233920 ----a-w- c:\windows\SysWow64\msxml3.dll

2010-10-24 08:06 . 2010-10-24 08:06 91648 ----a-w- c:\windows\system32\isoburn.exe

2010-10-24 08:06 . 2010-10-24 08:06 86528 ----a-w- c:\windows\SysWow64\isoburn.exe

2010-10-24 08:06 . 2010-10-24 08:06 78848 ----a-w- c:\windows\system32\WUDFSvc.dll

2010-10-24 08:06 . 2010-10-24 08:06 687616 ----a-w- c:\windows\system32\WUDFx.dll

2010-10-24 08:06 . 2010-10-24 08:06 630272 ----a-w- c:\windows\system32\evr.dll

2010-10-24 08:06 . 2010-10-24 08:06 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

2010-10-24 08:06 . 2010-10-24 08:06 488448 ----a-w- c:\windows\SysWow64\evr.dll

2010-10-24 08:06 . 2010-10-24 08:06 44544 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

2010-10-24 08:06 . 2010-10-24 08:06 4062720 ----a-w- c:\windows\system32\mf.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-18 98304]

"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]

"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-11-17 421160]

"Cobian Backup 10 Interface"="c:\program files (x86)\Cobian Backup 10\cbInterface.exe" [2010-09-23 3154432]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2010-07-21 165184]

"DSUpdateLauncher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" [2010-07-21 18240]

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2010-07-27 339040]

R3 LVUVC64;Logitech Webcam 600(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2010-07-27 6465632]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2009-09-21 315664]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-28 1255736]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]

S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdflt.sys [2009-07-23 18792]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2009-03-03 89600]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-18 202752]

S2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files (x86)\Cobian Backup 10\cbVSCService.exe [2010-09-23 67584]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]

S2 InstallFilterService;FF Install Filter Service;c:\program files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2009-06-23 60928]

S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [2009-07-02 60416]

S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [2009-07-01 80896]

S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [2009-07-05 55808]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]

S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [2009-07-24 23912]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 40832]

S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-21 239616]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

.

Contents of the 'Scheduled Tasks' folder

2010-12-03 c:\windows\Tasks\vtscheduletask.job

- c:\program files (x86)\McAfee\Supportability\MVT\MvtApp.exe [2010-11-15 14:25]

.

--------- x86-64 -----------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-21 487424]

"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2010-04-02 3217056]

"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe" [2009-07-22 2384896]

"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-09-21 1926928]

"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1448568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105

Trusted Zone: internet

Trusted Zone: mcafee.com

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

FF - ProfilePath - c:\users\Nick Smith\AppData\Roaming\Mozilla\Firefox\Profiles\3jxvvwkd.default\

FF - plugin: c:\progra~2\MIF5BA~1\Office14\NPAUTHZ.DLL

FF - plugin: c:\progra~2\MIF5BA~1\Office14\NPSPWRAP.DLL

FF - plugin: c:\program files (x86)\Google\Picasa3\npPicasa3.dll

FF - plugin: c:\program files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll

FF - plugin: c:\program files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: c:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll

FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Extension: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - c:\users\Nick Smith\AppData\Roaming\Mozilla\Firefox\Profiles\3jxvvwkd.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

.

- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)

Toolbar-Locked - (no file)

HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2010-12-08 17:36:49

ComboFix-quarantined-files.txt 2010-12-08 17:36

Pre-Run: 447,099,518,976 bytes free

Post-Run: 447,169,540,096 bytes free

- - End Of File - - 578B148181744F26DDB98506A801F53F

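The helper reads the "Reg Loading Points" part of a ComboFix log (Run-key values, service and driver lines, and the "ORPHANS REMOVED" list) to judge whether anything still auto-starts that should not. The following Python script is an added example of that triage, not a tool from this thread, from ComboFix or from Malwarebytes: it parses those three sections into records and flags any autostart whose image lives in a user-writable location (user profile, temp, ProgramData), which is a reviewer's heuristic for "look closer", not a verdict. The sample input is constructed from lines of the ComboFix log posted above plus one made-up entry ("ExampleUpdater", not from the log) so the heuristic has something to flag.

```python
"""Triage helper for the autostart sections of a ComboFix log.

Added example, not a ComboFix or Malwarebytes tool: it turns the
"Reg Loading Points" Run-key values, the service/driver lines and the
"ORPHANS REMOVED" list into records, then flags any autostart whose image
sits in a user-writable location (a triage heuristic, not proof of infection).
"""
import re

# Constructed sample: lines copied from the ComboFix log posted in this thread,
# plus one made-up entry ("ExampleUpdater", NOT from the log) to exercise the heuristic.
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1448568]

"ExampleUpdater"="c:\users\someuser\AppData\Local\Temp\example_updater.exe" [2010-11-20 51200]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

S2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files (x86)\Cobian Backup 10\cbVSCService.exe [2010-09-23 67584]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 40832]

- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)

HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

.
"""

# [HKEY_...\Run] or [HKEY_...\RunOnce] section headers
RUN_KEY_RE = re.compile(r'^\[(HKEY_[^\]]*\\Run(?:Once)?)\]$')
# "Name"="path" [YYYY-MM-DD size]
RUN_VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s+\[(\d{4}-\d{2}-\d{2}) (\d+)\]$')
# S2 name;display name;path [YYYY-MM-DD size]   (R = running, S = stopped, digit = start type)
SERVICE_RE = re.compile(r'^([RS][0-4]) ([^;]+);([^;]*);(.+?) \[(\d{4}-\d{2}-\d{2}) (\d+)\]$')
# Orphan lines: "entry-name - target"
ORPHAN_RE = re.compile(r'^(\S+) - (.+)$')

# Path fragments that mark user-writable locations (heuristic; compared case-insensitively).
USER_WRITABLE_MARKERS = ("\\users\\", "\\temp\\", "\\programdata\\", "\\appdata\\", "%temp%", "%appdata%")


def parse_combofix(text):
    """Return {'autostarts': [...], 'services': [...], 'orphans': [...]} from ComboFix log text."""
    result = {"autostarts": [], "services": [], "orphans": []}
    current_key = None   # Run key the following "Name"="path" values belong to
    in_orphans = False   # inside the "ORPHANS REMOVED" block
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if "ORPHANS REMOVED" in line:
            in_orphans = True
            continue
        if in_orphans:
            if line == "." or line.startswith("---"):   # ComboFix ends sections with "." or a rule
                in_orphans = False
                continue
            m = ORPHAN_RE.match(line)
            if m:
                result["orphans"].append({"name": m.group(1), "target": m.group(2),
                                          "dangling": m.group(2) == "(no file)"})
            continue
        m = RUN_KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        if line.startswith("["):        # some other registry key: stop attributing values to a Run key
            current_key = None
            continue
        m = RUN_VALUE_RE.match(line)
        if m and current_key:
            result["autostarts"].append({"key": current_key, "name": m.group(1), "path": m.group(2),
                                         "date": m.group(3), "size": int(m.group(4))})
            continue
        m = SERVICE_RE.match(line)
        if m:
            result["services"].append({"start": m.group(1), "name": m.group(2), "display": m.group(3),
                                       "path": m.group(4), "date": m.group(5), "size": int(m.group(6))})
    return result


def triage(parsed):
    """Names of autostarts/services whose image path points into a user-writable location."""
    flagged = []
    for entry in parsed["autostarts"] + parsed["services"]:
        path = entry["path"].lower()
        if any(marker in path for marker in USER_WRITABLE_MARKERS):
            flagged.append(entry["name"])
    return flagged


if __name__ == "__main__":
    parsed = parse_combofix(SAMPLE_LOG)
    print(len(parsed["autostarts"]), "autostarts,", len(parsed["services"]), "services,",
          len(parsed["orphans"]), "orphans")
    print("dangling orphans (safe dead references):",
          [o["name"] for o in parsed["orphans"] if o["dangling"]])
    print("flagged for review:", triage(parsed))
```

Run it against a saved C:\Combofix.txt by replacing SAMPLE_LOG with the file's contents; an entry under "flagged for review" only means its image sits somewhere a legitimate installer would not normally put an autostart, which is the same question the helper answers by reading the log by hand.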

Here's the log.

Malwarebytes' Anti-Malware 1.50

www.malwarebytes.org

Database version: 5273

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

08/12/2010 19:05:01

mbam-log-2010-12-08 (19-05-01).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 259019

Time elapsed: 30 minute(s), 59 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Any problems left here?

Let's do one last scan for leftovers.

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the esetOnline.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.

    3. Check esetAcceptTerms.png
    4. Click the esetStart.png button.
    5. Accept any security warnings from your browser.
    6. Check esetScanArchives.png
    7. Push the Start button.
    8. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    9. When the scan completes, push esetListThreats.png
    10. Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
      Note - when ESET doesn't find any threats, no report will be created.
    11. Push the esetBack.png button.
    12. Push esetFinish.png


That means you are all cleaned up. :)

ALL CLEAN

--------------

Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :)

Please do the following to remove the remaining programs from your PC:

  • Delete the tools used during the disinfection:
    • Click start > run and type combofix /uninstall, press enter. This will remove Combofix from your computer.
    • Delete DDS, GMER (this is a randomly named file) and OTL.

Please read this advice, in order to prevent reinfecting your PC:

  1. Install and update the following programs regularly:
    • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
    • MVPs hosts file
      A tutorial for MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on the hosts file, and what it can do for you, please consult the Tutorial on the Hosts file.

  2. Keep Windows (and your other Microsoft software) up to date!

     I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

     Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

  3. Keep your other software up to date as well

     Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.

  4. Stay up to date!

     The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.


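The post above recommends the MVPs hosts file, which works by mapping ad and malware domains to a sinkhole address. The same file is also a favourite place for rogue software to plant redirects, so it is worth checking after a cleanup. The script below is an added example for this thread, not code from the forum or from any tool named in it: it parses a hosts file and sorts each entry into block entries (sinkholed to 0.0.0.0 or 127.0.0.1), LAN entries, and redirects to any other address, which deserve a look. The sample hosts content, the sinkhole set and the LAN ranges are constructed assumptions; 203.0.113.0/24 is a documentation range standing in for an unknown address.

```python
"""Audit a Windows hosts file: tell MVPs-style block entries apart from redirects.

Added example for this thread, not code from the forum or from any tool it names.
The sample hosts content and the address lists below are constructed assumptions.
"""
import ipaddress
import sys
from dataclasses import dataclass, field

# Addresses a blocklist legitimately sinkholes domains to
# (assumption: MVPs-style lists use 0.0.0.0 or 127.0.0.1).
SINKHOLE_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::1"}

# Ranges where a hosts entry usually just names a LAN machine (RFC 1918, ULA, link-local).
LAN_NETWORKS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7", "fe80::/10")]

# Constructed sample hosts file (not taken from the thread).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost

# block entries, as an MVPs-style list would add them
0.0.0.0 ad.tracker.example
0.0.0.0 banner.adnet.example   # comment after the entry

# a LAN machine, harmless
192.168.1.20    nas.home

# redirects: real-looking names pointed somewhere other than a sinkhole
203.0.113.45    www.mybank.example
203.0.113.45    update.vendor.example
"""


@dataclass
class HostsEntry:
    line_no: int
    address: str
    hostnames: list


@dataclass
class AuditResult:
    blocked: list = field(default_factory=list)     # sinkholed names (expected from a blocklist)
    local: list = field(default_factory=list)       # names mapped to LAN/loopback addresses
    suspicious: list = field(default_factory=list)  # names mapped elsewhere: possible redirect
    malformed: list = field(default_factory=list)   # (line_no, text) of lines that do not parse


def parse_hosts(text):
    """Return (entries, malformed). '#' starts a comment; fields are whitespace separated."""
    entries, malformed = [], []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            ipaddress.ip_address(parts[0])
        except ValueError:
            malformed.append((n, raw))
            continue
        if len(parts) < 2:
            malformed.append((n, raw))
            continue
        entries.append(HostsEntry(n, parts[0], parts[1:]))
    return entries, malformed


def is_lan_address(address):
    ip = ipaddress.ip_address(address)
    return ip.is_loopback or ip.is_link_local or any(ip in net for net in LAN_NETWORKS)


def audit_hosts(text):
    """Classify every entry of a hosts file except the stock 'localhost' lines."""
    result = AuditResult()
    entries, result.malformed = parse_hosts(text)
    for entry in entries:
        if all(name == "localhost" for name in entry.hostnames):
            continue
        if entry.address in SINKHOLE_ADDRESSES:
            result.blocked.append(entry)
        elif is_lan_address(entry.address):
            result.local.append(entry)
        else:
            result.suspicious.append(entry)
    return result


def summarize(result):
    """Counts per category, for a quick 'anything odd in here?' check."""
    return {k: len(getattr(result, k)) for k in ("blocked", "local", "suspicious", "malformed")}


if __name__ == "__main__":
    # Pass the real file (on Windows: C:\Windows\System32\drivers\etc\hosts) as the first
    # argument; with no argument the constructed sample is audited.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    res = audit_hosts(text)
    print(summarize(res))
    for e in res.suspicious:
        print(f"line {e.line_no}: {', '.join(e.hostnames)} -> {e.address} (not a sinkhole, not LAN)")
```

A large "blocked" count with an empty "suspicious" list is what a machine carrying the MVPs list should show; any entry in "suspicious" maps a name to an address that is neither a sinkhole nor on the local network and should be compared against what the list actually ships.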