• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
    • Budfred

      PLEASE READ - Reversing upgrade   02/23/2017

      We have found that this new upgrade is somewhat of a disaster.  We are finding lots of glitches in being able to post and administer the forum.  Additionally, there are new costs associated with the upgrade that we simply cannot afford.  As a result, we have decided to reverse course and go back to the previous version of our software.  Since this will involve restoring it from a backup, we will lose posts that have been added since January 30 or possibly even some before that.    If you started a topic during that time, we urge you to make backups of your posts and you will need to start the topics over again after the change.  You can simply paste the copies of your posts that you created at that point.    If you joined the forum this month, you will need to re-register since your membership will be lost along with the posts.  Since you have a concealed password, we cannot simply restore your membership for you.   We are going to backup as much as we can so that it will reduce inconvenience for our members.  Unfortunately we cannot back everything up since much will be incompatible with the old version of our software.  We apologize for the confusion and regret the need to do this even though it is not viable to continue with this version of the software.   We plan to begin the process tomorrow evening and, if it goes smoothly, we shouldn't be offline for very long.  However, since we have not done this before, we are not sure how smoothly it will go.  We ask your patience as we proceed.

Bruick

Full Member
  • Content count

    3
  • Joined

  • Last visited

About Bruick

  • Rank
    Member
  • Birthday
  1. # AdwCleaner v2.104 - Logfile created 01/04/2013 at 13:27:00 # Updated 29/12/2012 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Angela - ANGELA-PC # Boot Mode : Normal # Running from : C:\Users\Angela\Desktop\The Fixing Folder\adwcleaner.exe # Option [Delete] ***** [services] ***** Stopped & Deleted : Browser Manager ***** [Files / Folders] ***** Deleted on reboot : C:\ProgramData\Browser Manager File Deleted : C:\Users\Public\Desktop\eBay.lnk Folder Deleted : C:\Program Files (x86)\Yontoo Folder Deleted : C:\ProgramData\Babylon Folder Deleted : C:\ProgramData\Tarma Installer Folder Deleted : C:\Users\Angela\AppData\Roaming\Babylon Folder Deleted : C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager ***** [Registry] ***** Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\23787~1.43\{16cdf~1\browse~1.dll Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\23787~1.43\{16cdf~1\browsemngr.dll Key Deleted : HKCU\Software\BrowserMngr Key Deleted : HKCU\Software\DataMngr_Toolbar Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Key Deleted : HKCU\Software\Optimizer Pro Key Deleted : HKCU\Software\5c55da8cbc3ab845 Key Deleted : HKLM\Software\Babylon Key Deleted : HKLM\Software\BrowserMngr Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0} Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1 Key Deleted : HKLM\Software\DataMngr Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Key Deleted : HKLM\SOFTWARE\Wow6432Node\5c55da8cbc3ab845 Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [browserMngr Start Page] Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}] ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16457 Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=115038&tt=120812_bandext_3312_3&babsrc=NT_ss&mntrId=7c4e86d4000000000000e4d53db0d304 --> hxxp://www.google.com ************************* AdwCleaner[R1].txt - [4391 octets] - [03/01/2013 11:26:20] AdwCleaner[R2].txt - [4194 octets] - [04/01/2013 13:22:14] AdwCleaner[s1].txt - [4271 octets] - [04/01/2013 13:27:00] ########## EOF - C:\AdwCleaner[s1].txt - [4331 octets] ########## SystemLook 30.07.11 by jpshortstuff Log created at 13:33 on 04/01/2013 by Angela Administrator - Elevation successful ========== filefind ========== Searching for "ntfs.sys" C:\Windows\erdnt\cache64\ntfs.sys --a---- 1659760 bytes [11:59 03/01/2013] [18:19 31/08/2012] E453ACF4E7D44E5530B5D5F2B9CA8563 C:\Windows\System32\drivers\ntfs.sys --a---- 1659760 bytes [19:51 10/10/2012] [18:19 31/08/2012] E453ACF4E7D44E5530B5D5F2B9CA8563 C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17514_none_04972f2c338b23d4\ntfs.sys --a---- 1659776 bytes [03:23 21/11/2010] [03:23 21/11/2010] 05D78AA5CB5F3F5C31160BDB955D0B7C C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17577_none_0459508233b9177f\ntfs.sys --a---- 1659776 bytes [19:04 16/11/2011] [06:41 11/03/2011] A2F74975097F52A00745F9637451FDD8 C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17945_none_0477c74a33a2859a\ntfs.sys --a---- 1659760 bytes [19:51 10/10/2012] [18:19 31/08/2012] E453ACF4E7D44E5530B5D5F2B9CA8563 C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.21680_none_04d11b5b4ce521d9\ntfs.sys --a---- 1659776 bytes [19:04 16/11/2011] [06:19 11/03/2011] 87B104128D4D3BA3C13098BAEBF38082 C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.22104_none_052b7b9d4ca0cf8b\ntfs.sys --a---- 1687408 bytes [19:51 10/10/2012] [17:57 31/08/2012] B2746D84DDF68D09B41B72DF745CCBA6 -= EOF =-
  2. # AdwCleaner v2.104 - Logfile created 01/03/2013 at 11:26:20 # Updated 29/12/2012 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Angela - ANGELA-PC # Boot Mode : Normal # Running from : C:\Users\Angela\Desktop\adwcleaner.exe # Option [search] ***** [services] ***** Found : Browser Manager ***** [Files / Folders] ***** File Found : C:\Users\Public\Desktop\eBay.lnk Folder Found : C:\Program Files (x86)\Yontoo Folder Found : C:\ProgramData\Babylon Folder Found : C:\ProgramData\Browser Manager Folder Found : C:\ProgramData\Tarma Installer Folder Found : C:\Users\Angela\AppData\Roaming\Babylon Folder Found : C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager ***** [Registry] ***** Data Found : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll Data Found : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\23787~1.43\{16cdf~1\browse~1.dll Key Found : HKCU\Software\BrowserMngr Key Found : HKCU\Software\DataMngr Key Found : HKCU\Software\DataMngr_Toolbar Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Key Found : HKCU\Software\Optimizer Pro Key Found : HKCU\Software\5c55da8cbc3ab845 Key Found : HKLM\Software\Babylon Key Found : HKLM\Software\BrowserMngr Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0} Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL Key Found : HKLM\SOFTWARE\Classes\Prod.cap Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967} Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1 Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1 Key Found : HKLM\Software\DataMngr Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Key Found : HKLM\SOFTWARE\Wow6432Node\5c55da8cbc3ab845 Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693} Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} Key Found : HKLM\SOFTWARE\Tarma Installer Value Found : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page] Value Found : HKCU\Software\Microsoft\Internet Explorer\Main [browserMngr Start Page] Value Found : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}] ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16457 [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=115038&tt=120812_bandext_3312_3&babsrc=NT_ss&mntrId=7c4e86d4000000000000e4d53db0d304 ************************* AdwCleaner[R1].txt - [4272 octets] - [03/01/2013 11:26:20] ########## EOF - C:\AdwCleaner[R1].txt - [4332 octets] ########## -------------------------------------------------------------------------------------------- ComboFix 13-01-03.02 - Angela 03/01/2013 11:34:21.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2980.1522 [GMT 0:00] Running from: c:\users\Angela\Desktop\ComboFix.exe AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892} FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9} SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point * Resident AV is active . . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\PCDr\6032\AddOnDownloaded\016060e8-e1de-4d82-bd11-b667007b1f12.dll c:\programdata\PCDr\6032\AddOnDownloaded\111e1115-314f-4404-be4a-ad58e8e2423d.dll c:\programdata\PCDr\6032\AddOnDownloaded\1d151f53-1500-414d-85b4-ab85d24f0785.dll c:\programdata\PCDr\6032\AddOnDownloaded\4011a5cd-1208-467b-b149-4c0534295875.dll c:\programdata\PCDr\6032\AddOnDownloaded\406007ac-5ba8-43e6-97b6-0c6ed58bb6e8.dll c:\programdata\PCDr\6032\AddOnDownloaded\468d25c7-baa8-4db4-a17f-ceac895a9bc8.dll c:\programdata\PCDr\6032\AddOnDownloaded\4cfdf1e7-d0b2-449c-bd2d-084cd975e5d8.dll c:\programdata\PCDr\6032\AddOnDownloaded\4f1c58d6-ca02-4906-b156-709481baca61.dll c:\programdata\PCDr\6032\AddOnDownloaded\62089595-46e8-4c4f-9d7b-48be969390bb.dll c:\programdata\PCDr\6032\AddOnDownloaded\73a14ca6-4567-413f-a60f-d04159cb72eb.dll c:\programdata\PCDr\6032\AddOnDownloaded\7779c9df-2dc0-4fd5-92bb-c64027285f8b.dll c:\programdata\PCDr\6032\AddOnDownloaded\788ad19e-7745-402f-a5a5-20d2ab8b5f1b.dll c:\programdata\PCDr\6032\AddOnDownloaded\918ee45c-eb0a-4e61-97ad-c1849c2623ee.dll c:\programdata\PCDr\6032\AddOnDownloaded\9881c561-a45a-4c53-9d45-de93a99e2898.dll c:\programdata\PCDr\6032\AddOnDownloaded\b0654984-096d-4244-a127-3364577b6279.dll c:\programdata\PCDr\6032\AddOnDownloaded\b72409f9-df97-4592-bbfd-fff1ce0a9559.dll c:\programdata\PCDr\6032\AddOnDownloaded\bbd4d2b0-9dc6-46d0-a352-dbcd92f63c4d.dll c:\programdata\PCDr\6032\AddOnDownloaded\cb7af81b-44d9-4f99-b223-18a71e8c85b6.dll c:\programdata\PCDr\6032\AddOnDownloaded\d220b53c-6a3c-4b5d-8797-965d39e82fff.dll c:\programdata\PCDr\6032\AddOnDownloaded\e16f2788-babe-4a60-93d0-d507a5228753.dll c:\programdata\PCDr\6032\AddOnDownloaded\ff24953d-0c6e-4af9-a727-84ce58c99035.dll Y:\Autorun.inf . c:\windows\SysWow64\drivers\ntfs.sys . . . is infected!! . . ((((((((((((((((((((((((( Files Created from 2012-12-03 to 2013-01-03 ))))))))))))))))))))))))))))))) . . 2013-01-02 16:30 . 2013-01-02 16:30 -------- d-----w- c:\users\Angela\AppData\Roaming\Malwarebytes 2013-01-02 16:30 . 2013-01-02 16:30 -------- d-----w- c:\programdata\Malwarebytes 2013-01-02 16:30 . 2013-01-02 16:30 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-01-02 16:30 . 2012-12-14 16:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-01-02 16:30 . 2013-01-02 16:30 -------- d-----w- c:\users\Angela\AppData\Local\Programs 2012-12-21 20:49 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-21 20:49 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-21 20:49 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-21 20:49 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-19 14:07 . 2012-11-14 05:59 85504 ----a-w- c:\windows\system32\jsproxy.dll 2012-12-12 21:41 . 2012-10-04 17:41 424960 ----a-w- c:\windows\system32\KernelBase.dll 2012-12-12 21:40 . 2012-10-04 17:38 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2012-12-12 21:24 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll 2012-12-12 21:24 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-12-12 21:05 . 2012-11-22 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys 2012-12-12 20:58 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll 2012-12-12 20:58 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-12-18 22:52 . 2012-06-27 12:23 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-12-18 22:52 . 2012-06-27 12:23 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-12-12 22:08 . 2012-02-12 20:35 67413224 ----a-w- c:\windows\system32\MRT.exe 2012-12-02 12:51 . 2012-08-31 13:22 895088 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2012-12-02 12:47 . 2012-08-31 13:21 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2012-12-02 12:47 . 2012-08-31 13:21 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2012-11-09 06:40 . 2011-03-13 17:20 69672 ----a-w- c:\windows\system32\drivers\cfwids.sys 2012-11-09 06:37 . 2011-03-13 17:20 339776 ----a-w- c:\windows\system32\drivers\mfewfpk.sys 2012-11-09 06:37 . 2011-12-21 06:30 177680 ----a-w- c:\windows\system32\mfevtps.exe 2012-11-09 06:36 . 2011-12-21 06:30 10288 ----a-w- c:\windows\system32\drivers\mfeclnk.sys 2012-11-09 06:36 . 2011-03-13 17:20 106112 ----a-w- c:\windows\system32\drivers\mferkdet.sys 2012-11-09 06:35 . 2011-03-13 17:20 771096 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2012-11-09 06:34 . 2011-03-13 17:20 515528 ----a-w- c:\windows\system32\drivers\mfefirek.sys 2012-11-09 06:34 . 2011-03-13 17:20 309400 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2012-11-09 06:33 . 2011-03-13 17:20 178840 ----a-w- c:\windows\system32\drivers\mfeapfk.sys 2012-10-25 16:01 . 2012-09-20 20:59 895088 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll 2012-10-25 16:00 . 2012-09-20 20:58 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll 2012-10-17 20:25 . 2012-10-17 20:25 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll 2012-10-16 08:38 . 2012-11-27 21:46 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38 . 2012-11-27 21:46 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39 . 2012-11-27 21:46 561664 ----a-w- c:\windows\apppatch\AcLayers.dll 2012-10-09 18:17 . 2012-11-15 16:08 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll 2012-10-09 18:17 . 2012-11-15 16:08 226816 ----a-w- c:\windows\system32\dhcpcore6.dll 2012-10-09 17:40 . 2012-11-15 16:08 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll 2012-10-09 17:40 . 2012-11-15 16:08 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}] 2012-08-10 22:54 194928 ----a-w- c:\program files (x86)\Yontoo\YontooIEClient.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Optimizer Pro"="c:\program files (x86)\Optimizer Pro\OptProLauncher.exe" [2012-06-10 79664] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160] "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112] "Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544] "NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2011-07-07 75064] "Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1535112] "AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-04-30 885760] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2011-08-01 165184] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~3\browse~1\23787~1.43\{16cdf~1\browse~1.dll c:\progra~3\browse~1\23787~1.43\{16cdf~1\browsemngr.dll "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440] R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2011-03-08 224704] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-11-09 106112] R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-30 250984] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-03 1255736] R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-08-31 201304] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-11-09 339776] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856] S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600] S2 Browser Manager;Browser Manager;c:\programdata\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [2012-10-10 2309656] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-13 13336] S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-08-31 201304] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-11-09 218320] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-11-09 177680] S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400] S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-01 2656280] S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208] S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-11-09 69672] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 176096] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-11-09 515528] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-05-17 533096] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] . . --- Other Services/Drivers In Memory --- . *Deregistered* - mfeavfk01 . Contents of the 'Scheduled Tasks' folder . 2013-01-03 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-27 22:52] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840] "Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-03-29 608112] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-05-27 1128448] "Stage Remote"="c:\program files (x86)\Dell\Stage Remote\StageRemote.exe" [2011-06-28 2022976] "DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-04-30 2055016] "LXBUCATS"="c:\windows\system32\spool\DRIVERS\x64\3\LXBUtime.dll" [2007-04-17 28672] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.co.uk/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local TCP: DhcpNameServer = 192.168.1.254 . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKLM-Run-<NO NAME> - (no file) AddRemove-WT089446 - c:\program files (x86)\WildTangent\Dell Games\Wedding Dash - Ready . . . Completion time: 2013-01-03 12:01:03 ComboFix-quarantined-files.txt 2013-01-03 12:01 . Pre-Run: 261,115,052,032 bytes free Post-Run: 262,029,127,680 bytes free . - - End Of File - - 4F556330763EF383A2F5B4F53E5D157A
  3. Evening all, Looking for some assistance in removing Optimizer Pro Speed Guard, I've included the DDS.txt log, MBAM log, Security Check log. Many thanks! DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16457 Run by Angela at 16:44:10 on 2013-01-02 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2980.1307 [GMT 0:00] . AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892} SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9} . ============== Running Processes =============== . C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\svchost.exe -k RPCSS C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k netsvcs C:\Program Files\IDT\WDM\STacSV64.exe C:\windows\system32\svchost.exe -k LocalService C:\windows\system32\svchost.exe -k NetworkService C:\windows\System32\spoolsv.exe C:\windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\windows\system32\taskeng.exe C:\windows\system32\taskhost.exe C:\windows\system32\Dwm.exe C:\windows\Explorer.EXE C:\Program Files\IDT\WDM\AESTSr64.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\windows\system32\lxbucoms.exe C:\Windows\system32\mfevtps.exe C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\DellTPad\Apoint.exe C:\Program Files\IDT\WDM\sttray64.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe C:\windows\system32\wbem\wmiprvse.exe C:\Program Files\DellTPad\ApMsgFwd.exe C:\Program Files\DellTPad\Apntex.exe C:\Program Files\DellTPad\HidFind.exe C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe C:\windows\system32\SearchIndexer.exe C:\Program Files\mcafee.com\agent\mcagent.exe C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files\Windows Media Player\wmpnetwk.exe C:\windows\system32\taskeng.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Nero\Update\NASvc.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\windows\system32\svchost.exe -k SDRSVC C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe C:\Program Files (x86)\Nero\SyncUP\SyncUP.exe C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingApp.exe C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingBar.exe C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe C:\ProgramData\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe C:\ProgramData\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe C:\Program Files\Dell Support Center\updater\appupdater.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\windows\system32\SearchProtocolHost.exe C:\windows\system32\SearchFilterHost.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\windows\system32\wbem\wmiprvse.exe C:\windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.co.uk/ mWinlogon: Userinit = userinit.exe BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20120629134632.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - uRun: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" mRun: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900 mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab TCP: NameServer = 192.168.1.254 TCP: Interfaces\{CB867FE4-C7FB-41E7-9E6B-D261AD0F4F29} : DHCPNameServer = 192.168.1.254 TCP: Interfaces\{DB9EDD7D-132D-4FDF-852F-A34D319AB671} : DHCPNameServer = 172.3.1.161 Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll AppInit_DLLs= c:\progra~3\browse~1\23787~1.43\{16cdf~1\browse~1.dll c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll SSODL: WebCheck - <orphaned> x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\SystemCore\ScriptSn.20120629134632.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe x64-Run: [Persistence] C:\windows\System32\igfxpers.exe x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe x64-Run: [stage Remote] C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe -Quiet x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup x64-Run: [LXBUCATS] rundll32 C:\windows\System32\spool\DRIVERS\x64\3\LXBUtime.dll,RunDLLEntry x64-DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> . ============= SERVICES / DRIVERS =============== . R0 mfehidk;McAfee Inc. mfehidk;C:\windows\System32\drivers\mfehidk.sys [2011-3-13 771096] R0 mfewfpk;McAfee Inc. mfewfpk;C:\windows\System32\drivers\mfewfpk.sys [2011-3-13 339776] R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2011-12-21 55856] R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-12-21 89600] R2 Browser Manager;Browser Manager;C:\ProgramData\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [2012-10-17 2309656] R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-12-21 13336] R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-24 201304] R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-24 201304] R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-24 201304] R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2011-12-21 241016] R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2011-12-21 218320] R2 mfevtp;McAfee Validation Trust Protection Service;C:\windows\System32\mfevtps.exe [2011-12-21 177680] R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400] R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-26 2823000] R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776] R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-12-21 1692480] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-12-21 2656280] R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [2012-6-11 240208] R3 cfwids;McAfee Inc. cfwids;C:\windows\System32\drivers\cfwids.sys [2011-3-13 69672] R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\windows\System32\drivers\CtClsFlt.sys [2011-12-21 176096] R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-12-21 317440] R3 mfeavfk;McAfee Inc. mfeavfk;C:\windows\System32\drivers\mfeavfk.sys [2011-3-13 309400] R3 mfefirek;McAfee Inc. mfefirek;C:\windows\System32\drivers\mfefirek.sys [2011-3-13 515528] R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-12-21 533096] R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2011-10-1 764264] R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648] R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960] R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2011-10-1 22376] R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496] S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944] S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] S3 HipShieldK;McAfee Inc. HipShieldK;C:\windows\System32\drivers\HipShieldK.sys [2012-10-24 196440] S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2011-12-21 224704] S3 mferkdet;McAfee Inc. mferkdet;C:\windows\System32\drivers\mferkdet.sys [2011-3-13 106112] S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-12-21 250984] S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232] S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-7-9 52736] S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-2-3 1255736] S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-24 201304] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184] . =============== Created Last 30 ================ . 2013-01-02 16:30:38 -------- d-----w- C:\Users\Angela\AppData\Roaming\Malwarebytes 2013-01-02 16:30:23 -------- d-----w- C:\ProgramData\Malwarebytes 2013-01-02 16:30:19 24176 ----a-w- C:\windows\System32\drivers\mbam.sys 2013-01-02 16:30:19 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-01-02 16:30:06 -------- d-----w- C:\Users\Angela\AppData\Local\Programs 2012-12-21 20:49:59 46080 ----a-w- C:\windows\System32\atmlib.dll 2012-12-21 20:49:59 367616 ----a-w- C:\windows\System32\atmfd.dll 2012-12-21 20:49:59 34304 ----a-w- C:\windows\SysWow64\atmlib.dll 2012-12-21 20:49:58 295424 ----a-w- C:\windows\SysWow64\atmfd.dll 2012-12-12 21:41:06 424960 ----a-w- C:\windows\System32\KernelBase.dll 2012-12-12 21:40:59 4096 ---ha-w- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll 2012-12-12 21:24:19 2048 ----a-w- C:\windows\SysWow64\tzres.dll 2012-12-12 21:24:19 2048 ----a-w- C:\windows\System32\tzres.dll 2012-12-12 21:05:17 3149824 ----a-w- C:\windows\System32\win32k.sys 2012-12-12 20:58:09 478208 ----a-w- C:\windows\System32\dpnet.dll 2012-12-12 20:58:09 376832 ----a-w- C:\windows\SysWow64\dpnet.dll . ==================== Find3M ==================== . 2012-12-18 22:52:14 73656 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-12-18 22:52:14 697272 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe 2012-11-14 06:11:44 2312704 ----a-w- C:\windows\System32\jscript9.dll 2012-11-14 06:04:11 1392128 ----a-w- C:\windows\System32\wininet.dll 2012-11-14 06:02:49 1494528 ----a-w- C:\windows\System32\inetcpl.cpl 2012-11-14 05:57:46 599040 ----a-w- C:\windows\System32\vbscript.dll 2012-11-14 05:57:35 173056 ----a-w- C:\windows\System32\ieUnatt.exe 2012-11-14 05:52:40 2382848 ----a-w- C:\windows\System32\mshtml.tlb 2012-11-14 02:09:22 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll 2012-11-14 01:58:15 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl 2012-11-14 01:57:37 1129472 ----a-w- C:\windows\SysWow64\wininet.dll 2012-11-14 01:49:25 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe 2012-11-14 01:48:27 420864 ----a-w- C:\windows\SysWow64\vbscript.dll 2012-11-14 01:44:42 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb 2012-11-09 06:40:24 69672 ----a-w- C:\windows\System32\drivers\cfwids.sys 2012-11-09 06:37:42 339776 ----a-w- C:\windows\System32\drivers\mfewfpk.sys 2012-11-09 06:37:30 177680 ----a-w- C:\windows\System32\mfevtps.exe 2012-11-09 06:36:40 10288 ----a-w- C:\windows\System32\drivers\mfeclnk.sys 2012-11-09 06:36:30 106112 ----a-w- C:\windows\System32\drivers\mferkdet.sys 2012-11-09 06:35:50 771096 ----a-w- C:\windows\System32\drivers\mfehidk.sys 2012-11-09 06:34:58 515528 ----a-w- C:\windows\System32\drivers\mfefirek.sys 2012-11-09 06:34:18 309400 ----a-w- C:\windows\System32\drivers\mfeavfk.sys 2012-11-09 06:33:58 178840 ----a-w- C:\windows\System32\drivers\mfeapfk.sys 2012-10-16 08:38:37 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38:34 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39:52 561664 ----a-w- C:\windows\apppatch\AcLayers.dll 2012-10-09 18:17:13 55296 ----a-w- C:\windows\System32\dhcpcsvc6.dll 2012-10-09 18:17:13 226816 ----a-w- C:\windows\System32\dhcpcore6.dll 2012-10-09 17:40:31 44032 ----a-w- C:\windows\SysWow64\dhcpcsvc6.dll 2012-10-09 17:40:31 193536 ----a-w- C:\windows\SysWow64\dhcpcore6.dll 2012-10-04 17:46:16 362496 ----a-w- C:\windows\System32\wow64win.dll 2012-10-04 17:46:15 243200 ----a-w- C:\windows\System32\wow64.dll 2012-10-04 17:46:15 13312 ----a-w- C:\windows\System32\wow64cpu.dll 2012-10-04 17:45:55 215040 ----a-w- C:\windows\System32\winsrv.dll 2012-10-04 17:43:28 16384 ----a-w- C:\windows\System32\ntvdm64.dll 2012-10-04 16:47:41 5120 ----a-w- C:\windows\SysWow64\wow32.dll 2012-10-04 16:47:41 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll . ============= FINISH: 16:45:07.87 =============== Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Database version: v2013.01.02.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Angela :: ANGELA-PC [administrator] 02/01/2013 16:43:28 mbam-log-2013-01-02 (16-43-28).txt Scan type: Full scan (C:\|Q:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 376213 Time elapsed: 1 hour(s), 34 minute(s), 55 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Results of screen317's Security Check version 0.99.56 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! McAfee Anti-Virus and Anti-Spyware WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.70.0.1100 Java 6 Update 30 Java version out of Date! Adobe Reader 10.1.4 Adobe Reader out of Date! ````````Process Check: objlist.exe by Laurent```````` `````````````````System Health check````````````````` Total Fragmentation on Drive C: 9% ````````````````````End of Log``````````````````````