Jump to content

help please to remove trojan


Recommended Posts

Hello,

I have the following symptoms: my windows defender and windows security service was disabled. I tried to restart them using "services" but after some seconds they get disabled again. Also I notice that when using Explorer and searching using google, the links redirect to ads. I checked on the msconfig for any strange start up service and found one called 8DDYX0ZBPZ (\AppData\Local\Temp\Vnx.exe) so I disabled it in the msconfig and deleted manually the file, but the symptoms still are present.

I ran a quick scan using Malware bytes software, please find the report below

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7360

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

8/2/2011 6:57:38 PM

mbam-log-2011-08-02 (18-57-38).txt

Scan type: Quick scan

Objects scanned: 180463

Time elapsed: 2 minute(s), 47 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 3

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\8DDYX0ZBPZ (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\ZU6RKI1ONY (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Windows\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.

I will appreciate any guidance.

Thanks

Link to post
Share on other sites

Hello, Thanks for your help. The MBAM is updated and its log file is below:

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7390

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

8/5/2011 5:37:03 PM

mbam-log-2011-08-05 (17-37-03).txt

Scan type: Quick scan

Objects scanned: 178526

Time elapsed: 3 minute(s), 39 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

The DDS log file is below:

.

DDS (Ver_2011-06-23.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by ADRIANCM at 17:37:39 on 2011-08-05

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8119.6268 [GMT -5:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\rundll32.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\rundll32.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Windows\System32\vds.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Core Temp\Core Temp.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\Workrave\lib\Workrave.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\System32\StikyNot.exe

C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Users\ADRIANCM\AppData\Roaming\Google\Google Talk\googletalk.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe

C:\Program Files (x86)\MagicDisc\MagicDisc.exe

C:\Program Files\mcafee.com\agent\mcagent.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe

C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10u_ActiveX.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Program Files (x86)\Internet Explorer\IELowutil.exe

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110513105618.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

uRun: [Workrave] C:\Program Files (x86)\Workrave\lib\workrave.exe

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe

uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [googletalk] C:\Users\ADRIANCM\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart

uRun: [Google Update] "C:\Users\ADRIANCM\AppData\Local\Google\Update\GoogleUpdate.exe" /c

mRun: [<NO NAME>]

mRun: [updReg] C:\Windows\UpdReg.EXE

mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [shwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe

mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"

mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"

mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe

StartupFolder: C:\Users\ADRIANCM\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL

TCP: DhcpNameServer = 8.8.8.8

TCP: Interfaces\{73AF7B9D-C1F4-46AF-B324-3415D74715F2} : DhcpNameServer = 8.8.8.8

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO-X64: McAfee Phishing Filter - No File

BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO-X64: Search Helper - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL

BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110513105618.dll

BHO-X64: scriptproxy - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: SmartSelect - No File

TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

mRun-x64: [(Default)]

mRun-x64: [updReg] C:\Windows\UpdReg.EXE

mRun-x64: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [shwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe

mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m

mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"

mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"

mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"

mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]

R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]

R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-9-29 13336]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-8-2 366640]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2010-10-7 355440]

R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2010-10-7 355440]

R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2010-10-7 355440]

R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2010-10-7 355440]

R2 McShield;McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2010-9-29 200056]

R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2010-9-29 245352]

R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe [2010-9-29 149032]

R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-9-29 705856]

R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]

R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-10 136176]

S2 SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-10 136176]

S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]

S3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]

S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-12-27 31124344]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2010-10-7 355440]

.

=============== Created Last 30 ================

.

2011-08-05 22:32:31 -------- d-----w- C:\Users\ADRIANCM\AppData\Local\{A2F6A409-B9AE-4B93-B8F1-53B397916F36}

2011-08-05 22:32:12 -------- d-----w- C:\Users\ADRIANCM\AppData\Local\{D2987B3C-2341-445D-8D65-50254979E712}

2011-08-04 11:34:52 -------- d-----w- C:\Users\ADRIANCM\AppData\Local\{A181DA7F-5539-4E34-83F6-83E0B6299036}

2011-08-03 23:34:28 -------- d-----w- C:\Users\ADRIANCM\AppData\Local\{CD805152-BEAD-49EE-A3FA-4FE92E71F9C2}

2011-08-03 03:34:51 -------- d-----w- C:\Users\ADRIANCM\AppData\Local\Adobe

2011-08-03 03:26:15 -------- d-----w- C:\Windows\pss

2011-08-03 00:01:19 -------- d-----w- C:\Users\ADRIANCM\AppData\Local\{16E31B2F-1BBD-4D04-BF4C-9935D84AE359}

2011-08-02 23:34:49 -------- d-----w- C:\Users\ADRIANCM\AppData\Roaming\Malwarebytes

2011-08-02 23:34:45 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-08-02 23:34:45 -------- d-----w- C:\ProgramData\Malwarebytes

2011-08-02 23:34:42 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-08-02 23:34:41 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-08-02 12:33:22 -------- d-----w- C:\Program Files (x86)\Trend Micro

2011-08-02 11:59:06 -------- d-----w- C:\Users\ADRIANCM\AppData\Local\{D24785C9-D691-47F4-A0B0-58FB4BD7B959}

2011-08-02 03:27:36 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com

2011-08-02 03:26:01 -------- d-----w- C:\Users\ADRIANCM\AppData\Local\SoftThinks

2011-08-02 02:41:24 65536 --sha-r- C:\Windows\SysWow64\wshbth5.dll

2011-08-01 00:45:01 8578896 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{574226CB-6A57-4BD8-A1D7-304D4FA7AEDB}\mpengine.dll

2011-08-01 00:42:19 -------- d-----w- C:\Users\ADRIANCM\AppData\Local\{40686EEB-3556-4450-B3B9-DF94ED2F7F3A}

2011-07-28 23:40:56 -------- d-----w- C:\Users\ADRIANCM\AppData\Local\{343BD73A-2A5C-4A30-A792-055D281AF2E2}

2011-07-28 02:16:15 -------- d-----w- C:\Program Files\DivX

2011-07-28 02:15:10 -------- d-----w- C:\Program Files (x86)\DivX

2011-07-28 02:13:11 -------- d-----w- C:\ProgramData\DivX

2011-07-28 00:46:04 -------- d-----w- C:\Users\ADRIANCM\AppData\Local\{6A65CF80-FFC8-4063-BCD1-574D20D6F1F6}

2011-07-27 04:02:27 -------- d-----w- C:\Users\ADRIANCM\AppData\Local\{82F24C65-4F85-4756-AC6B-5A52B0A9AEF4}

2011-07-26 23:50:09 -------- d-----w- C:\Users\ADRIANCM\AppData\Local\Amazon

2011-07-26 03:22:40 -------- d-----w- C:\Users\ADRIANCM\AppData\Local\{0BAAE034-39BC-43FD-8DA5-F7C814E3C7DD}

2011-07-25 01:55:30 -------- d-----w- C:\Users\ADRIANCM\AppData\Local\{30C01F11-501B-4842-82A2-17311CB7ACD2}

2011-07-24 13:54:53 -------- d-----w- C:\Users\ADRIANCM\AppData\Local\{E07EAF14-5563-4D7C-935C-4AA79CBA8B33}

2011-07-24 01:29:23 -------- d-----w- C:\Users\ADRIANCM\AppData\Local\{C8DFF290-B8A9-498C-9448-C1195F6B88F1}

2011-07-23 13:29:11 -------- d-----w- C:\Users\ADRIANCM\AppData\Local\{2F0D237A-0C63-45FF-BE07-41D495813897}

2011-07-22 23:31:59 -------- d-----w- C:\Users\ADRIANCM\AppData\Local\{9EF23D40-7B82-404D-99DA-B353D99311B4}

2011-07-21 23:53:00 -------- d-----w- C:\Users\ADRIANCM\AppData\Local\{2C45AE8B-48E5-4A65-94DF-8AA491DE7B82}

2011-07-21 00:22:50 -------- d-----w- C:\Users\ADRIANCM\AppData\Local\{79D5C3F0-A8A6-45A8-8BDF-233244B87DC7}

2011-07-19 23:45:33 -------- d-----w- C:\Users\ADRIANCM\AppData\Local\{D50DF37F-D368-4C3B-B5D1-4B7EB4CF83BB}

2011-07-19 00:16:40 -------- d-----w- C:\Users\ADRIANCM\AppData\Local\{15CF5D53-6B1F-4294-80AC-657F1B3C1C8E}

2011-07-17 13:45:11 -------- d-----w- C:\Users\ADRIANCM\AppData\Local\{E0F279C7-888F-421E-834C-9B0BBB994DB7}

2011-07-17 01:44:36 -------- d-----w- C:\Users\ADRIANCM\AppData\Local\{84F474D9-97CA-4782-9A5E-DE7189B92552}

2011-07-16 13:44:24 -------- d-----w- C:\Users\ADRIANCM\AppData\Local\{2FA058DA-E8AB-4E98-B822-3A6D03D7BF88}

2011-07-16 13:44:02 -------- d-----w- C:\Users\ADRIANCM\AppData\Local\{1AE2AD63-D384-4D1F-A2DE-E6E6EBA78359}

2011-07-15 23:51:23 -------- d-----w- C:\Users\ADRIANCM\AppData\Local\{1BA978A0-B0BE-4D89-8BCC-26C75CAE8870}

2011-07-15 00:21:07 -------- d-----w- C:\Users\ADRIANCM\AppData\Local\{4EFA720E-D58C-4A4F-9889-769C6D42A96B}

2011-07-14 01:05:30 -------- d-----w- C:\Users\ADRIANCM\AppData\Local\{161A3D61-4DAC-49FD-8866-84C1294F5D8E}

2011-07-13 00:23:59 -------- d-----w- C:\Users\ADRIANCM\AppData\Local\{1CF3834A-0C6D-4888-9099-77AB93333F85}

2011-07-12 00:34:14 -------- d-----w- C:\Users\ADRIANCM\AppData\Local\{606334E1-44A4-4D55-9EA2-7B7E56916629}

2011-07-10 15:20:10 -------- d-----w- C:\Users\ADRIANCM\AppData\Local\{DC01EDAB-67C3-486D-80AC-4EC17D905E12}

2011-07-10 03:19:47 -------- d-----w- C:\Users\ADRIANCM\AppData\Local\{F160D4C9-BC62-4251-86DF-16ECCA4CE556}

2011-07-09 15:19:35 -------- d-----w- C:\Users\ADRIANCM\AppData\Local\{1B8E1F53-B6D1-41A5-9678-CC33BFD547BF}

2011-07-09 15:19:13 -------- d-----w- C:\Users\ADRIANCM\AppData\Local\{C01F14C8-3110-4B05-ADD5-59B7D150B268}

2011-07-09 00:06:37 -------- d-----w- C:\Users\ADRIANCM\AppData\Local\{EA278CC3-A1CD-47A6-9CAB-C5D0E1211CA3}

2011-07-07 22:54:58 -------- d-----w- C:\Users\ADRIANCM\AppData\Local\{E5A15BAA-73A5-4E38-A4E8-2C12BBFEFA71}

2011-07-07 00:39:59 -------- d-----w- C:\Users\ADRIANCM\AppData\Local\{02C96D81-CAA3-4B48-A68C-D77AF3FE48CE}

.

==================== Find3M ====================

.

2011-08-04 00:32:00 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-06-11 03:07:25 3137536 ----a-w- C:\Windows\System32\win32k.sys

2011-06-03 06:57:45 362496 ----a-w- C:\Windows\System32\wow64win.dll

2011-06-03 06:57:45 243200 ----a-w- C:\Windows\System32\wow64.dll

2011-06-03 06:57:45 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2011-06-03 06:57:44 214528 ----a-w- C:\Windows\System32\winsrv.dll

2011-06-03 06:57:38 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2011-06-03 06:56:38 421888 ----a-w- C:\Windows\System32\KernelBase.dll

2011-06-03 06:53:33 338944 ----a-w- C:\Windows\System32\conhost.exe

2011-06-03 06:00:53 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2011-06-03 05:57:52 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2011-06-03 05:57:33 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2011-06-03 05:56:12 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2011-06-03 05:56:11 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2011-06-03 03:53:31 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2011-06-03 03:53:31 2048 ----a-w- C:\Windows\SysWow64\user.exe

2011-06-03 03:48:32 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2011-06-03 03:48:31 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2011-06-03 03:48:31 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2011-06-03 03:48:31 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2011-05-25 00:14:10 270720 ------w- C:\Windows\System32\MpSigStub.exe

2011-05-24 11:42:55 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll

2011-05-24 10:40:05 64512 ----a-w- C:\Windows\SysWow64\devobj.dll

2011-05-24 10:40:05 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll

2011-05-24 10:39:38 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll

2011-05-24 10:37:54 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe

.

============= FINISH: 17:38:20.15 ===============

Thank you again, please let me know what can I do next.

Link to post
Share on other sites

Hello,

Here it is the combofix report:

ComboFix 11-08-05.02 - ADRIANCM 08/05/2011 18:09:00.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8119.6406 [GMT -5:00]

Running from: c:\users\ADRIANCM\Desktop\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2011-07-05 to 2011-08-05 )))))))))))))))))))))))))))))))

.

.

2011-08-05 23:14 . 2011-08-05 23:14 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-08-05 22:42 . 2011-08-05 22:42 -------- d-----w- c:\windows\en

2011-08-05 22:41 . 2011-08-05 22:41 -------- d-----w- c:\program files\Windows Live

2011-08-03 03:34 . 2011-08-04 04:10 -------- d-----w- c:\users\ADRIANCM\AppData\Local\Adobe

2011-08-02 23:34 . 2011-08-02 23:34 -------- d-----w- c:\users\ADRIANCM\AppData\Roaming\Malwarebytes

2011-08-02 23:34 . 2011-08-02 23:34 -------- d-----w- c:\programdata\Malwarebytes

2011-08-02 23:34 . 2011-07-07 00:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-08-02 23:34 . 2011-07-07 00:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-02 23:34 . 2011-08-02 23:34 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-08-02 12:33 . 2011-08-02 12:33 -------- d-----w- c:\program files (x86)\Trend Micro

2011-08-02 03:27 . 2011-08-02 03:27 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2011-08-02 03:26 . 2011-08-05 23:19 -------- d-----w- c:\users\ADRIANCM\AppData\Local\SoftThinks

2011-08-02 02:41 . 2011-08-02 02:41 65536 --sha-r- c:\windows\SysWow64\wshbth5.dll

2011-08-02 02:17 . 2011-08-02 02:17 -------- d-----w- c:\users\ADRIANCM\AppData\Roaming\DivX

2011-08-01 00:45 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{574226CB-6A57-4BD8-A1D7-304D4FA7AEDB}\mpengine.dll

2011-07-28 02:16 . 2011-08-03 03:35 -------- d-----w- c:\program files\DivX

2011-07-28 02:15 . 2011-08-03 03:35 -------- d-----w- c:\program files (x86)\DivX

2011-07-28 02:13 . 2011-08-03 03:35 -------- d-----w- c:\programdata\DivX

2011-07-26 23:50 . 2011-07-26 23:50 -------- d-----w- c:\users\ADRIANCM\AppData\Local\Amazon

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-05 22:41 . 2010-06-24 16:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-08-04 00:32 . 2011-05-18 15:52 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-06-03 05:57 . 2011-07-13 00:27 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2011-05-25 00:14 . 2011-04-21 14:19 270720 ------w- c:\windows\system32\MpSigStub.exe

2011-05-24 11:42 . 2011-06-29 00:37 404480 ----a-w- c:\windows\system32\umpnpmgr.dll

2011-05-24 10:40 . 2011-06-29 00:37 64512 ----a-w- c:\windows\SysWow64\devobj.dll

2011-05-24 10:40 . 2011-06-29 00:37 44544 ----a-w- c:\windows\SysWow64\devrtl.dll

2011-05-24 10:39 . 2011-06-29 00:37 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll

2011-05-24 10:37 . 2011-06-29 00:37 252928 ----a-w- c:\windows\SysWow64\drvinst.exe

2011-05-13 21:03 . 2011-05-13 21:03 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll

2011-05-13 20:42 . 2011-05-13 20:42 302448 ----a-w- c:\windows\WLXPGSS.SCR

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Workrave"="c:\program files (x86)\Workrave\lib\workrave.exe" [2010-08-29 3695616]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2010-12-21 718720]

"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256]

"googletalk"="c:\users\ADRIANCM\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 963584]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2009-07-17 237568]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-06-28 1486392]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]

"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]

"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2010-10-06 560128]

"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2011-01-13 165184]

.

c:\users\ADRIANCM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2011-5-27 576000]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-11 136176]

R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-11 136176]

R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]

R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-12-28 31124344]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2010-03-10 355440]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-07 366640]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2010-03-10 355440]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-04-14 245352]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-04-14 149032]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856]

S3 ALSysIO;ALSysIO;c:\users\ADRIANCM\AppData\Local\Temp\ALSysIO64.sys [x]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - mfeavfk01

.

Contents of the 'Scheduled Tasks' folder

.

2011-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-11 00:12]

.

2011-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-11 00:12]

.

2011-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1732359245-3744587567-567833587-1000Core.job

- c:\users\ADRIANCM\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-06 12:58]

.

2011-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1732359245-3744587567-567833587-1000UA.job

- c:\users\ADRIANCM\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-06 12:58]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RunDLLEntry_THXCfg"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]

"RunDLLEntry_EptMon"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-07 8158240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 8.8.8.8

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe

Wow6432Node-HKLM-Run-DellSupportCenter - c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe

Toolbar-Locked - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\windows\SysWOW64\rundll32.exe

c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\windows\SysWOW64\rundll32.exe

c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

c:\program files (x86)\Dell DataSafe Local Backup\Toaster.exe

.

**************************************************************************

.

Completion time: 2011-08-05 18:23:20 - machine was rebooted

ComboFix-quarantined-files.txt 2011-08-05 23:23

.

Pre-Run: 755,535,601,664 bytes free

Post-Run: 755,450,744,832 bytes free

.

- - End Of File - - 9C091E62D1DE4F9BAAF7342719FED25A

And here is the new DDS report:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-06-23.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 10/6/2010 7:36:55 AM

System Uptime: 8/5/2011 10:41:40 PM (0 hours ago)

.

Motherboard: Dell Inc. | | 0G3HR7

Processor: Intel® Core i5 CPU 650 @ 3.20GHz | CPU 1 | 3201/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 921 GiB total, 703.641 GiB free.

D: is CDROM ()

E: is Removable

F: is Removable

G: is Removable

H: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

µTorrent

Adobe Acrobat X Pro - English, Français, Deutsch

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.4.1

Advanced IP Scanner v1.5

Consumer In-Home Service Agreement

D3DX10

Definition update for Microsoft Office 2010 (KB982726)

Dell DataSafe Local Backup

Dell DataSafe Local Backup - Support Software

Dell DataSafe Online

Dell Dock

Dell Driver Download Manager

Dell Getting Started Guide

DirectXInstallService

EMC 10 Content

Google Chrome

Google Earth Plug-in

Google Talk (remove only)

Google Update Helper

GPL Ghostscript 8.71

GSview 4.9

HyperSnap-DX 5

Intel® Control Center

Intel® Rapid Storage Technology

Internet TV for Windows Media Center

Java Auto Updater

Java 6 Update 26

Junk Mail filter update

MagicDisc 2.7.106

Malwarebytes' Anti-Malware version 1.51.1.1800

MATLAB R2008a

McAfee Security Center

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2007

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2007

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing (English) 2010

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Visio 2007 Service Pack 2 (SP2)

Microsoft Office Visio MUI (English) 2007

Microsoft Office Visio Professional 2007

Microsoft Office Word MUI (English) 2010

Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

MiKTeX 2.8

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Multimedia Card Reader

Notepad++

Realtek High Definition Audio Driver

Roxio Activation Module

Roxio BackOnTrack

Roxio Central Audio

Roxio Central Copy

Roxio Central Core

Roxio Central Data

Roxio Central Tools

Roxio Easy CD and DVD Burning

Roxio Express Labeler 3

Roxio Update Manager

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2509488)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio 2007 (KB2434737)

Skype Toolbars

Skype™ 5.3

Sonic CinePlayer Decoder Pack

StarCraft II

TeXnicCenter Version 1.0 Stable RC1

THX TruStudio PC

Update for 2007 Microsoft Office System (KB2284654)

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 System (KB2539530)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Visio 2007 Help (KB963666)

Winamp

Winamp Detector Plug-in

WinDjView 1.0.3

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Media Center Add-in for Flash

WinSCP 4.2.9

Workrave 1.9.2

Xmanager Enterprise

.

==== Event Viewer Messages From Past Week ========

.

8/5/2011 6:20:48 PM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: A device attached to the system is not functioning.

8/5/2011 6:15:32 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

8/5/2011 6:05:09 PM, Error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 1 time(s).

8/5/2011 6:05:09 PM, Error: Service Control Manager [7031] - The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

8/5/2011 6:05:09 PM, Error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

8/5/2011 6:05:09 PM, Error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

8/5/2011 6:05:09 PM, Error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

8/5/2011 6:05:09 PM, Error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

8/5/2011 6:05:09 PM, Error: Service Control Manager [7031] - The McAfee Anti-Spam Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

8/5/2011 10:42:11 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: RxFilter

8/5/2011 10:41:58 PM, Error: Service Control Manager [7000] - The SessionLauncher service failed to start due to the following error: The system cannot find the file specified.

8/2/2011 7:00:37 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: D@01010004

8/2/2011 10:28:47 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache mfehidk mfenlfk NetBIOS NetBT nsiproxy Psched rdbss RxFilter spldr tdx Wanarpv6 WfpLwf

8/2/2011 10:28:47 PM, Error: Service Control Manager [7001] - The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

8/2/2011 10:28:47 PM, Error: Service Control Manager [7001] - The McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.

8/2/2011 10:28:47 PM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.

8/2/2011 10:27:20 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070641: Service Pack 1 for Microsoft Office 2010 (KB2510690) 32-bit Edition.

8/1/2011 8:03:21 PM, Error: volsnap [10] - The shadow copy of volume D: took too long to install.

8/1/2011 7:42:45 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom RxFilter

.

==== End Of File ===========================

Link to post
Share on other sites

Sorry, I pasted the wrong DDS file, please find below the DDS.txt, Thanks,

.

DDS (Ver_2011-06-23.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by ADRIANCM at 22:49:55 on 2011-08-05

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8119.6346 [GMT -5:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Core Temp\Core Temp.exe

C:\Windows\system32\rundll32.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Windows\System32\vds.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Users\ADRIANCM\AppData\Roaming\Google\Google Talk\googletalk.exe

C:\Program Files (x86)\MagicDisc\MagicDisc.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe

C:\Program Files\mcafee.com\agent\mcagent.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe

C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\StikyNot.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110513105618.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

uRun: [Workrave] C:\Program Files (x86)\Workrave\lib\workrave.exe

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [googletalk] C:\Users\ADRIANCM\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart

uRun: [RESTART_STICKY_NOTES] C:\Windows\system32\StikyNot.exe

mRun: [updReg] C:\Windows\UpdReg.EXE

mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [shwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe

mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"

mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"

mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe

StartupFolder: C:\Users\ADRIANCM\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL

TCP: DhcpNameServer = 8.8.8.8

TCP: Interfaces\{73AF7B9D-C1F4-46AF-B324-3415D74715F2} : DhcpNameServer = 8.8.8.8

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO-X64: McAfee Phishing Filter - No File

BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO-X64: Search Helper - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL

BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110513105618.dll

BHO-X64: scriptproxy - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: SmartSelect - No File

TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

mRun-x64: [updReg] C:\Windows\UpdReg.EXE

mRun-x64: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [shwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe

mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m

mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"

mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"

mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"

mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]

R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-9-29 13336]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-8-2 366640]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2010-10-7 355440]

R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2010-10-7 355440]

R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2010-10-7 355440]

R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2010-10-7 355440]

R2 McShield;McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2010-9-29 200056]

R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2010-9-29 245352]

R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe [2010-9-29 149032]

R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-9-29 705856]

R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]

R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-10 136176]

S2 SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-10 136176]

S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]

S3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]

S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-12-27 31124344]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]

S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2010-10-7 355440]

.

=============== Created Last 30 ================

.

2011-08-05 23:19:50 -------- d-sh--w- C:\$RECYCLE.BIN

2011-08-05 23:07:44 98816 ----a-w- C:\Windows\sed.exe

2011-08-05 23:07:44 518144 ----a-w- C:\Windows\SWREG.exe

2011-08-05 23:07:44 256000 ----a-w- C:\Windows\PEV.exe

2011-08-05 23:07:44 208896 ----a-w- C:\Windows\MBR.exe

2011-08-05 22:46:20 -------- d-----w- C:\Users\ADRIANCM\AppData\Local\{21A4B266-25C2-4936-BB10-7BEBE862B785}

2011-08-05 22:46:09 -------- d-----w- C:\Users\ADRIANCM\AppData\Local\{55997C16-F573-4241-A524-F7AF38A2948E}

2011-08-05 22:42:24 -------- d-----w- C:\Windows\en

2011-08-05 22:32:12 -------- d-----w- C:\Users\ADRIANCM\AppData\Local\{D2987B3C-2341-445D-8D65-50254979E712}

2011-08-04 11:34:52 -------- d-----w- C:\Users\ADRIANCM\AppData\Local\{A181DA7F-5539-4E34-83F6-83E0B6299036}

2011-08-03 23:34:28 -------- d-----w- C:\Users\ADRIANCM\AppData\Local\{CD805152-BEAD-49EE-A3FA-4FE92E71F9C2}

2011-08-03 03:34:51 -------- d-----w- C:\Users\ADRIANCM\AppData\Local\Adobe

2011-08-03 03:26:15 -------- d-----w- C:\Windows\pss

2011-08-03 00:01:19 -------- d-----w- C:\Users\ADRIANCM\AppData\Local\{16E31B2F-1BBD-4D04-BF4C-9935D84AE359}

2011-08-02 23:34:49 -------- d-----w- C:\Users\ADRIANCM\AppData\Roaming\Malwarebytes

2011-08-02 23:34:45 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-08-02 23:34:45 -------- d-----w- C:\ProgramData\Malwarebytes

2011-08-02 23:34:42 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-08-02 23:34:41 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-08-02 12:33:22 -------- d-----w- C:\Program Files (x86)\Trend Micro

2011-08-02 11:59:06 -------- d-----w- C:\Users\ADRIANCM\AppData\Local\{D24785C9-D691-47F4-A0B0-58FB4BD7B959}

2011-08-02 03:27:36 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com

2011-08-02 03:26:01 -------- d-----w- C:\Users\ADRIANCM\AppData\Local\SoftThinks

2011-08-02 02:41:24 65536 --sha-r- C:\Windows\SysWow64\wshbth5.dll

2011-08-01 00:45:01 8578896 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{574226CB-6A57-4BD8-A1D7-304D4FA7AEDB}\mpengine.dll

2011-08-01 00:42:19 -------- d-----w- C:\Users\ADRIANCM\AppData\Local\{40686EEB-3556-4450-B3B9-DF94ED2F7F3A}

2011-07-28 23:40:56 -------- d-----w- C:\Users\ADRIANCM\AppData\Local\{343BD73A-2A5C-4A30-A792-055D281AF2E2}

2011-07-28 02:16:15 -------- d-----w- C:\Program Files\DivX

2011-07-28 02:15:10 -------- d-----w- C:\Program Files (x86)\DivX

2011-07-28 02:13:11 -------- d-----w- C:\ProgramData\DivX

2011-07-28 00:46:04 -------- d-----w- C:\Users\ADRIANCM\AppData\Local\{6A65CF80-FFC8-4063-BCD1-574D20D6F1F6}

2011-07-27 04:02:27 -------- d-----w- C:\Users\ADRIANCM\AppData\Local\{82F24C65-4F85-4756-AC6B-5A52B0A9AEF4}

2011-07-26 23:50:09 -------- d-----w- C:\Users\ADRIANCM\AppData\Local\Amazon

2011-07-26 03:22:40 -------- d-----w- C:\Users\ADRIANCM\AppData\Local\{0BAAE034-39BC-43FD-8DA5-F7C814E3C7DD}

2011-07-25 01:55:30 -------- d-----w- C:\Users\ADRIANCM\AppData\Local\{30C01F11-501B-4842-82A2-17311CB7ACD2}

2011-07-24 13:54:53 -------- d-----w- C:\Users\ADRIANCM\AppData\Local\{E07EAF14-5563-4D7C-935C-4AA79CBA8B33}

2011-07-24 01:29:23 -------- d-----w- C:\Users\ADRIANCM\AppData\Local\{C8DFF290-B8A9-498C-9448-C1195F6B88F1}

2011-07-23 13:29:11 -------- d-----w- C:\Users\ADRIANCM\AppData\Local\{2F0D237A-0C63-45FF-BE07-41D495813897}

2011-07-22 23:31:59 -------- d-----w- C:\Users\ADRIANCM\AppData\Local\{9EF23D40-7B82-404D-99DA-B353D99311B4}

2011-07-21 23:53:00 -------- d-----w- C:\Users\ADRIANCM\AppData\Local\{2C45AE8B-48E5-4A65-94DF-8AA491DE7B82}

2011-07-21 00:22:50 -------- d-----w- C:\Users\ADRIANCM\AppData\Local\{79D5C3F0-A8A6-45A8-8BDF-233244B87DC7}

2011-07-19 23:45:33 -------- d-----w- C:\Users\ADRIANCM\AppData\Local\{D50DF37F-D368-4C3B-B5D1-4B7EB4CF83BB}

2011-07-19 00:16:40 -------- d-----w- C:\Users\ADRIANCM\AppData\Local\{15CF5D53-6B1F-4294-80AC-657F1B3C1C8E}

2011-07-17 13:45:11 -------- d-----w- C:\Users\ADRIANCM\AppData\Local\{E0F279C7-888F-421E-834C-9B0BBB994DB7}

2011-07-17 01:44:36 -------- d-----w- C:\Users\ADRIANCM\AppData\Local\{84F474D9-97CA-4782-9A5E-DE7189B92552}

2011-07-16 13:44:24 -------- d-----w- C:\Users\ADRIANCM\AppData\Local\{2FA058DA-E8AB-4E98-B822-3A6D03D7BF88}

2011-07-16 13:44:02 -------- d-----w- C:\Users\ADRIANCM\AppData\Local\{1AE2AD63-D384-4D1F-A2DE-E6E6EBA78359}

2011-07-15 23:51:23 -------- d-----w- C:\Users\ADRIANCM\AppData\Local\{1BA978A0-B0BE-4D89-8BCC-26C75CAE8870}

2011-07-15 00:21:07 -------- d-----w- C:\Users\ADRIANCM\AppData\Local\{4EFA720E-D58C-4A4F-9889-769C6D42A96B}

2011-07-14 01:05:30 -------- d-----w- C:\Users\ADRIANCM\AppData\Local\{161A3D61-4DAC-49FD-8866-84C1294F5D8E}

2011-07-13 00:23:59 -------- d-----w- C:\Users\ADRIANCM\AppData\Local\{1CF3834A-0C6D-4888-9099-77AB93333F85}

2011-07-12 00:34:14 -------- d-----w- C:\Users\ADRIANCM\AppData\Local\{606334E1-44A4-4D55-9EA2-7B7E56916629}

2011-07-10 15:20:10 -------- d-----w- C:\Users\ADRIANCM\AppData\Local\{DC01EDAB-67C3-486D-80AC-4EC17D905E12}

2011-07-10 03:19:47 -------- d-----w- C:\Users\ADRIANCM\AppData\Local\{F160D4C9-BC62-4251-86DF-16ECCA4CE556}

2011-07-09 15:19:35 -------- d-----w- C:\Users\ADRIANCM\AppData\Local\{1B8E1F53-B6D1-41A5-9678-CC33BFD547BF}

2011-07-09 15:19:13 -------- d-----w- C:\Users\ADRIANCM\AppData\Local\{C01F14C8-3110-4B05-ADD5-59B7D150B268}

2011-07-09 00:06:37 -------- d-----w- C:\Users\ADRIANCM\AppData\Local\{EA278CC3-A1CD-47A6-9CAB-C5D0E1211CA3}

2011-07-07 22:54:58 -------- d-----w- C:\Users\ADRIANCM\AppData\Local\{E5A15BAA-73A5-4E38-A4E8-2C12BBFEFA71}

.

==================== Find3M ====================

.

2011-08-04 00:32:00 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-06-11 03:07:25 3137536 ----a-w- C:\Windows\System32\win32k.sys

2011-06-03 06:57:45 362496 ----a-w- C:\Windows\System32\wow64win.dll

2011-06-03 06:57:45 243200 ----a-w- C:\Windows\System32\wow64.dll

2011-06-03 06:57:45 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2011-06-03 06:57:44 214528 ----a-w- C:\Windows\System32\winsrv.dll

2011-06-03 06:57:38 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2011-06-03 06:56:38 421888 ----a-w- C:\Windows\System32\KernelBase.dll

2011-06-03 06:53:33 338944 ----a-w- C:\Windows\System32\conhost.exe

2011-06-03 06:00:53 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2011-06-03 05:57:52 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2011-06-03 05:57:33 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2011-06-03 05:56:12 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2011-06-03 05:56:11 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2011-06-03 03:53:31 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2011-06-03 03:53:31 2048 ----a-w- C:\Windows\SysWow64\user.exe

2011-06-03 03:48:32 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2011-06-03 03:48:31 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2011-06-03 03:48:31 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2011-06-03 03:48:31 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2011-05-25 00:14:10 270720 ------w- C:\Windows\System32\MpSigStub.exe

2011-05-24 11:42:55 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll

2011-05-24 10:40:05 64512 ----a-w- C:\Windows\SysWow64\devobj.dll

2011-05-24 10:40:05 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll

2011-05-24 10:39:38 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll

2011-05-24 10:37:54 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe

2011-05-13 21:03:34 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll

2011-05-13 20:42:24 302448 ----a-w- C:\Windows\WLXPGSS.SCR

.

============= FINISH: 22:50:29.05 ===============

Link to post
Share on other sites

  • Staff

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317

Link to post
Share on other sites

Hello, I've been having problems running the ESET online scanner since it takes forever to scan and after I waited a long time it finally finished but the log.txt only have 3 lines:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

Next I run the checkup and here it is the file:

Results of screen317's Security Check version 0.99.18

Windows 7 (UAC is enabled)

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!

Windows Firewall Enabled!

ESET Online Scanner v3

McAfee Security Center

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 26

Flash Player Out of Date!

Adobe Flash Player 10.1.53.64

````````````````````````````````

Process Check:

objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe

Malwarebytes' Anti-Malware mbamgui.exe

``````````End of Log````````````

Thanks, please let me know what else can I do.

Link to post
Share on other sites

  • Staff

Hi,

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program (if present):

Adobe Reader 9.0

ESET Online Scanner v3

Adobe Flash Player 10.1.53.64

Restart your computer.

Get the latest version of Adobe Reader and Adobe Flash Player.

Let me know what issues remain.

-screen317

Link to post
Share on other sites

Sorry for the delay in my response, everything is working fine now, I reinstalled the adobe flash player and reader and now the windows defender and security center is working. Until now, the google redirect is not longer happening so I'm assuming that everything is corrected now.

Thanks for your help.

Link to post
Share on other sites

  • Staff

Great news!

I highly recommend the PRO version of MBAM; with it, it's likely that this issue would have been prevented in the first place.

Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:

1) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

2) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

3) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

4) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  • Green to go
  • Yellow for caution
  • Red to stop

WOT has an addon available for both Firefox and IE.

5) Be sure to update your Antivirus and Antispyware programs often!

Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?

Safe surfing,

-screen317

Link to post
Share on other sites

  • 2 weeks later...
  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.