• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.

zigzag839

Full Member
  • Content count

    9
  • Joined

  • Last visited

About zigzag839

  • Rank
    Member
  • Birthday
  1. ok so I ran FSS and it generated a log, but when I ran aswMBR it started the sscan but did a memory crash dumb like 2 min. into the scan. Anyways, here's the FSS log I'm going to run aswMBR again maybe it was just an accident and see what happens. But last up date was 6/20 of this year but not exactly sure how long it's been doing so. I'd say easily a few months. But here's the FSS logs: Farbar Service Scanner Version: 09-11-2012 Ran by Marjorie (administrator) on 16-11-2012 at 23:00:28 Running from "C:\Users\Marjorie\Desktop" Windows 7 Ultimate Service Pack 1 (X64) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo IP is accessible. Yahoo.com is accessible. Windows Firewall: ============= Firewall Disabled Policy: ================== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=DWORD:0 System Restore: ============ System Restore Disabled Policy: ======================== Action Center: ============ Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== Other Services: ============== File Check: ======== C:\Windows\System32\nsisvc.dll => MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit C:\Windows\System32\dhcpcore.dll => MD5 is legit C:\Windows\System32\drivers\afd.sys => MD5 is legit C:\Windows\System32\drivers\tdx.sys => MD5 is legit C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit C:\Windows\System32\dnsrslvr.dll => MD5 is legit C:\Windows\System32\mpssvc.dll => MD5 is legit C:\Windows\System32\bfe.dll => MD5 is legit C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit C:\Windows\System32\SDRSVC.dll => MD5 is legit C:\Windows\System32\vssvc.exe => MD5 is legit C:\Windows\System32\wscsvc.dll => MD5 is legit C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit C:\Windows\System32\wuaueng.dll => MD5 is legit C:\Windows\System32\qmgr.dll => MD5 is legit C:\Windows\System32\es.dll => MD5 is legit C:\Windows\System32\cryptsvc.dll => MD5 is legit C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit C:\Windows\System32\ipnathlp.dll => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit **** End of log ****
  2. Here is the DDS report, sorry I didn't post it in earlier post; DDS (Ver_2012-11-07.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16446 BrowserJavaVersion: 10.9.2 Run by Marjorie at 21:36:22 on 2012-11-16 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4027.1836 [GMT -6:00] . AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892} SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_77bc6f73872bc333\STacSV64.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\Hpservice.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\WLANExt.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_77bc6f73872bc333\AESTSr64.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe C:\Windows\system32\spool\DRIVERS\x64\3\lxdnserv.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe C:\Windows\system32\rundll32.exe C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe C:\Windows\SMINST\BLService.exe C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\IDT\WDM\sttray64.exe C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files (x86)\Tango\Tango.exe C:\Program Files (x86)\Lexmark 2600 Series\lxdnMsdMon.exe C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe C:\Windows\ehome\ehmsas.exe C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files (x86)\McAfee Online Backup\MOBKstat.exe C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Ask.com\Updater\Updater.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Internet Explorer\IELowutil.exe C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASC.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\taskhost.exe C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe c:\PROGRA~1\mcafee.com\agent\mcupdate.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.yahoo.com/ uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Skype add-on (mastermind): {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe uRun: [steam] "c:\program files (x86)\steam\steam.exe" -silent uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" uRun: [Tango] C:\Program Files (x86)\Tango\Tango.exe -r uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe uRun: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe mRun: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe mRun: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" mRun: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start mRun: [uCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0" mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Online Backup\MOBKstat.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~2.LNK - C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0 mPolicies-Explorer: NoDrives = dword:0 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll . INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . . INFO: HKLM has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab TCP: NameServer = 172.16.0.1 TCP: Interfaces\{E43AF0EB-4C72-4249-8E67-72E784AEE0A8} : DHCPNameServer = 172.16.0.1 TCP: Interfaces\{E43AF0EB-4C72-4249-8E67-72E784AEE0A8}\05E434C4745756374737 : DHCPNameServer = 172.29.10.220 172.16.15.82 TCP: Interfaces\{E43AF0EB-4C72-4249-8E67-72E784AEE0A8}\14454543232313 : DHCPNameServer = 192.168.1.254 TCP: Interfaces\{E43AF0EB-4C72-4249-8E67-72E784AEE0A8}\24F696E676F60284F6473707F647 : DHCPNameServer = 10.1.0.1 66.103.64.5 66.103.80.4 TCP: Interfaces\{E43AF0EB-4C72-4249-8E67-72E784AEE0A8}\755602164702478656027555 : DHCPNameServer = 68.105.28.11 68.105.29.11 68.105.28.12 TCP: Interfaces\{E43AF0EB-4C72-4249-8E67-72E784AEE0A8}\E656477656162723031323 : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{FE25DA7B-36D0-4815-98E3-BB08CF527B0B} : DHCPNameServer = 172.16.0.1 Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll SSODL: WebCheck - <orphaned> x64-mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb x64-BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe x64-Run: [sysTrayApp] C:\Program Files (x86)\IDT\WDM\sttray64.exe x64-Run: [iAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" x64-Run: [lxdnamon] "C:\Program Files (x86)\Lexmark 2600 Series\lxdnamon.exe" x64-Run: [lxdnmon.exe] "C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe" x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm . INFO: x64-HKLM has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll x64-Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> Hosts: 127.0.0.1 www.spywareinfo.com . ============= SERVICES / DRIVERS =============== . R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2009-4-3 752672] R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2010-5-4 335784] R1 MOBKFilter;MOBKFilter;C:\Windows\System32\drivers\MOBK.sys [2010-12-8 66040] R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2010-5-4 69672] R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2008-1-24 60928] R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2008-5-7 127488] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-11-3 25928] R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2009-4-3 300392] R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2010-5-4 513456] S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2012-9-29 196440] S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2010-5-4 106112] S3 mferkdk;McAfee Inc. mferkdk;C:\Windows\System32\drivers\mferkdk.sys [2009-4-3 40904] S3 mfesmfk;McAfee Inc. mfesmfk;C:\Windows\System32\drivers\mfesmfk.sys [2009-4-3 49480] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-5-16 20992] . =============== Created Last 30 ================ . 2012-11-14 08:07:58 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C2D2AE6F-A5F5-4DC4-840A-4C8B7F3E9A00}\offreg.dll 2012-11-11 03:56:04 -------- d-sh--w- C:\$RECYCLE.BIN 2012-11-11 03:12:12 98816 ----a-w- C:\Windows\sed.exe 2012-11-11 03:12:12 256000 ----a-w- C:\Windows\PEV.exe 2012-11-11 03:12:12 208896 ----a-w- C:\Windows\MBR.exe 2012-11-11 03:12:08 -------- d-----w- C:\ComboFix 2012-11-11 02:17:05 -------- d-----w- C:\Program Files\HitmanPro 2012-11-11 02:16:59 -------- d-----w- C:\ProgramData\HitmanPro 2012-11-09 23:04:48 -------- d-sh--w- C:\Windows\System32\%APPDATA% 2012-11-09 05:34:22 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C2D2AE6F-A5F5-4DC4-840A-4C8B7F3E9A00}\mpengine.dll 2012-11-06 07:01:07 -------- d-----w- C:\ProgramData\IObit 2012-11-06 07:01:02 -------- d-----w- C:\Users\Marjorie\AppData\Roaming\IObit 2012-11-06 07:00:54 -------- d-----w- C:\Program Files (x86)\IObit 2012-11-06 05:40:52 -------- d-----w- C:\Windows\CheckSur 2012-11-04 22:47:44 -------- d-----w- C:\ProgramData\Kaspersky Lab 2012-11-04 18:44:45 -------- d-----w- C:\Program Files (x86)\ESET 2012-11-04 18:43:09 -------- d--h--w- C:\Windows\AxInstSV 2012-11-03 18:05:22 -------- d-----w- C:\Users\Marjorie\AppData\Roaming\Malwarebytes 2012-11-03 17:45:38 -------- d-----w- C:\ProgramData\Malwarebytes 2012-11-03 17:45:34 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-11-03 17:45:34 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-11-03 16:56:53 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy 2012-11-03 16:56:53 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2012-11-03 16:03:24 -------- d-----w- C:\ProgramData\McAfee Security Scan 2012-11-03 16:03:22 -------- d-----w- C:\Program Files (x86)\McAfee Security Scan 2012-11-03 16:03:03 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2012-10-31 03:00:50 -------- d-----w- C:\ProgramData\ErrorEND64 2012-10-24 21:10:37 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll 2012-10-24 21:10:37 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll 2012-10-24 21:10:37 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll 2012-10-24 21:10:37 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll 2012-10-24 21:10:37 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll 2012-10-24 21:10:37 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll 2012-10-24 21:10:37 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll 2012-10-19 05:19:24 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe . ==================== Find3M ==================== . 2012-09-11 18:59:28 821736 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll 2012-09-11 18:59:28 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-07-18 06:06:38 4024320 ----a-w- C:\Program Files (x86)\GUT154B.tmp . ============= FINISH: 21:37:27.06 ===============
  3. Ok, anyways I usually run combofix and it does the job and I do know the consequnces of running combofix. However, here are the logs you asked for: Malwarebytes Anti-Malware (Trial) 1.65.1.1000 www.malwarebytes.org Database version: v2012.11.13.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Marjorie :: BRIANFOLKERTS-P [administrator] Protection: Enabled 11/14/2012 9:18:21 PM mbam-log-2012-11-14 (21-18-21).txt Scan type: Full scan (C:\|D:\|E:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 437066 Time elapsed: 2 hour(s), 17 minute(s), 49 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Security Check: Results of screen317's Security Check version 0.99.54 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Windows Firewall Disabled! McAfee Anti-Virus and Anti-Spyware WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` MVPS Hosts File Spybot - Search & Destroy Malwarebytes Anti-Malware version 1.65.1.1000 Java 7 Update 9 Java 6 Update 5 Adobe Reader 8 Adobe Reader out of Date! Google Chrome 21.0.1180.83 Google Chrome 21.0.1180.89 Google Chrome 22.0.1229.79 Google Chrome 22.0.1229.94 Google Chrome 23.0.1271.64 ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes Anti-Malware mbam.exe McAfee VirusScan mcods.exe Malwarebytes' Anti-Malware mbamscheduler.exe McAfee Online Backup MOBKstat.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 1% ````````````````````End of Log``````````````````````
  4. I ran combofix and I don't think it fixed anything, here's the log file from combofix: ComboFix 12-11-09.02 - Marjorie 11/10/2012 21:13:54.1.2 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4027.2641 [GMT -6:00] Running from: c:\users\Marjorie\Desktop\ComboFix.exe AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892} FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9} SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Marjorie\AppData\Local\Windows Server . . ((((((((((((((((((((((((( Files Created from 2012-10-11 to 2012-11-11 ))))))))))))))))))))))))))))))) . . 2012-11-11 03:23 . 2012-11-11 03:23 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-11-11 02:17 . 2012-11-11 02:17 -------- d-----w- c:\program files\HitmanPro 2012-11-11 02:16 . 2012-11-11 02:17 -------- d-----w- c:\programdata\HitmanPro 2012-11-09 23:04 . 2012-11-09 23:04 -------- d-sh--w- c:\windows\system32\%APPDATA% 2012-11-09 18:03 . 2012-11-11 03:15 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C2D2AE6F-A5F5-4DC4-840A-4C8B7F3E9A00}\offreg.dll 2012-11-09 05:34 . 2012-10-17 07:31 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C2D2AE6F-A5F5-4DC4-840A-4C8B7F3E9A00}\mpengine.dll 2012-11-06 07:01 . 2012-11-06 07:01 -------- d-----w- c:\programdata\IObit 2012-11-06 07:01 . 2012-11-06 07:01 -------- d-----w- c:\users\Marjorie\AppData\Roaming\IObit 2012-11-06 07:00 . 2012-11-06 07:00 -------- d-----w- c:\program files (x86)\IObit 2012-11-06 05:40 . 2012-11-06 05:40 -------- d-----w- c:\windows\CheckSur 2012-11-04 22:47 . 2012-11-04 22:47 -------- d-----w- c:\programdata\Kaspersky Lab 2012-11-04 18:44 . 2012-11-04 18:44 -------- d-----w- c:\program files (x86)\ESET 2012-11-04 18:43 . 2012-11-04 18:44 -------- d--h--w- c:\windows\AxInstSV 2012-11-03 18:05 . 2012-11-03 18:05 -------- d-----w- c:\users\Marjorie\AppData\Roaming\Malwarebytes 2012-11-03 17:45 . 2012-11-03 17:45 -------- d-----w- c:\programdata\Malwarebytes 2012-11-03 17:45 . 2012-11-03 17:45 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-11-03 17:45 . 2012-09-30 00:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-11-03 16:56 . 2012-11-09 22:17 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2012-11-03 16:56 . 2012-11-09 22:15 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2012-11-03 16:03 . 2012-11-03 16:03 -------- d-----w- c:\programdata\McAfee Security Scan 2012-11-03 16:03 . 2012-11-03 16:18 -------- d-----w- c:\program files (x86)\McAfee Security Scan 2012-11-03 16:03 . 2012-09-25 04:16 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-10-31 03:00 . 2012-10-31 03:00 -------- d-----w- c:\programdata\ErrorEND64 2012-10-24 21:10 . 2012-10-24 21:10 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll 2012-10-24 21:10 . 2012-10-24 21:10 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll 2012-10-24 21:10 . 2012-10-24 21:10 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll 2012-10-24 21:10 . 2012-10-24 21:10 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll 2012-10-24 21:10 . 2012-10-24 21:10 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll 2012-10-24 21:10 . 2012-10-24 21:10 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll 2012-10-24 21:10 . 2012-10-24 21:10 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll 2012-10-24 21:10 . 2012-10-24 21:10 -------- d-----w- c:\program files (x86)\QuickTime 2012-10-19 05:19 . 2012-10-19 05:19 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-09-28 06:18 . 2010-04-14 19:49 65309168 ----a-w- c:\windows\system32\MRT.exe 2012-09-11 18:59 . 2012-07-24 04:32 821736 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2012-09-11 18:59 . 2010-05-03 05:20 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-07-18 06:06 . 2012-07-18 06:06 4024320 ----a-w- c:\program files (x86)\GUT154B.tmp . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2012-05-04 20:43 1519272 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-05-04 1519272] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 163328] "Steam"="c:\program files (x86)\steam\steam.exe" [2012-08-18 1353080] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-01 39408] "Tango"="c:\program files (x86)\Tango\Tango.exe" [2011-11-04 13489992] "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] "Advanced SystemCare 6"="c:\program files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" [2012-09-25 490880] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656] "HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008] "hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896] "hpWirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752] "nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-05-16 648504] "QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032] "UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1535112] "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568] "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-17 421736] "ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-05-04 1561768] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-1-16 994344] McAfee Online Backup Status.lnk - c:\program files (x86)\McAfee Online Backup\MOBKstat.exe [2010-4-13 4178744] McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe [2010-9-3 255536] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936] R2 MOBKbackup;McAfee Online Backup;c:\program files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-04-14 231224] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560] R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2010-04-17 27536] R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-09-03 227232] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-06-22 106112] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-11-05 291328] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-10 1255736] S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-06-22 335784] S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys [2010-04-14 66040] S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2012-10-31 464256] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_77bc6f73872bc333\AESTSr64.exe [2008-02-12 86016] S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2010-07-16 30520] S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxdnserv.exe [2008-02-27 33960] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files (x86)\McAfee\SiteAdvisor\McSACore.exe [2012-06-15 103472] S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-06-22 218320] S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2012-06-22 177144] S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-03-26 341328] S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files (x86)\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652] S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-06-22 69672] S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-02-07 193840] S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-24 60928] S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-05-07 127488] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-06-22 513456] . . --- Other Services/Drivers In Memory --- . *Deregistered* - mfeavfk01 *Deregistered* - MPFP . Contents of the 'Scheduled Tasks' folder . 2012-11-11 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-19 05:19] . 2012-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-22 05:12] . 2012-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-22 05:12] . 2012-10-29 c:\windows\Tasks\HPCeeScheduleForMarjorie.job - c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2008-06-10 03:03] . 2012-11-09 c:\windows\Tasks\Norton Security Scan for Marjorie.job - c:\program files (x86)\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2009-12-19 06:51] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1220392] "SysTrayApp"="c:\program files (x86)\IDT\WDM\sttray64.exe" [2008-04-15 444416] "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712] "lxdnamon"="c:\program files (x86)\Lexmark 2600 Series\lxdnamon.exe" [2008-03-27 16040] "lxdnmon.exe"="c:\program files (x86)\Lexmark 2600 Series\lxdnmon.exe" [2008-03-27 660136] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.yahoo.com/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s TCP: DhcpNameServer = 172.16.0.1 . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKLM-Run-<NO NAME> - (no file) SafeBoot-39389661.sys AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-11-10 21:29:15 ComboFix-quarantined-files.txt 2012-11-11 03:29 . Pre-Run: 153,507,979,264 bytes free Post-Run: 152,900,345,856 bytes free . - - End Of File - - C35831CD651776AE9D0D433B12C612FF EDIT: It is not a good idea to run ComboFix without trained guidance... Please read the Instructions http://www.spywareinfoforum.com/index.php?showtopic=79038 and post the logs we ask for... Thank you...
  5. Hi, my windows isn't updating, I ran the normal Malbytes and Hitman pro as usual but still nothing is coming up, I found a few weird things running in my hijack this log but don't want to try anything as this isn't my machine. Here's the hijack this log, also hijack this ran into problems with permissions. Anyways, here it is: Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16446) Boot mode: Normal Running processes: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe C:\Program Files (x86)\Lexmark 2600 Series\lxdnMsdMon.exe C:\Program Files (x86)\Tango\Tango.exe C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Ask.com\Updater\Updater.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe C:\Program Files (x86)\Internet Explorer\IELowutil.exe C:\Users\Marjorie\Downloads\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing) O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing) O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" O4 - HKLM\..\Run: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0" O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [steam] "c:\program files (x86)\steam\steam.exe" -silent O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [Tango] C:\Program Files (x86)\Tango\Tango.exe -r O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart O4 - Global Startup: Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe O4 - Global Startup: McAfee Online Backup Status.lnk = C:\Program Files (x86)\McAfee Online Backup\MOBKstat.exe O4 - Global Startup: McAfee Security Scan Plus.lnk = ? O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Advanced SystemCare Service 6 (AdvancedSystemCareService6) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_77bc6f73872bc333\AESTSr64.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing) O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe O23 - Service: lxdnCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\x64\3\\lxdnserv.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe O23 - Service: McAfee Online Backup (MOBKbackup) - McAfee, Inc. - C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_77bc6f73872bc333\STacSV64.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- End of file - 19355 bytes Edit: HijackThis doesn't handle Windows 7 well. Please read the Instructions and post the other requested logs: MBAM, DDS, Security Check. We need the information in order to help you.
  6. Thanks for the help. Here is my MBAM log: Malwarebytes' Anti-Malware 1.43 Database version: 3498 Windows 6.0.6001 Service Pack 1 Internet Explorer 8.0.6001.18865 1/5/2010 6:00:03 PM mbam-log-2010-01-05 (18-00-03).txt Scan type: Quick Scan Objects scanned: 112801 Time elapsed: 6 minute(s), 39 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 3 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\AppID\{cdb65423-01f2-4caf-b56d-ff0590d26ec7} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{014da6c1-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{014da6c9-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) hijackthis LOG: Logfile of Trend Micro HijackThis v2.0.3 (BETA) Scan saved at 6:04:43 PM, on 1/5/2010 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v8.00 (8.00.6001.18865) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\AVG\AVG9\avgtray.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p O4 - Startup: Logitech G-series Keyboard Profiler.lnk = C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe O4 - Startup: sttray.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll O20 - AppInit_DLLs: rogunia.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll,avgrsstx.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing) O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe -- End of file - 4147 bytes
  7. Hi, guys I just want to say that I really love the site. Now lets get down to business. For some reason my computer has been slowly getting slower. I use to play my games with no problem at all, but now it seems like games I use to play flawless, I can't even play for 5 min. and I have to quite because I can't stand the lag. Here is my log I hope you guys find something: Logfile of Trend Micro HijackThis v2.0.3 (BETA) Scan saved at 10:56:46 PM, on 1/1/2010 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v8.00 (8.00.6001.18865) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\AVG\AVG9\avgtray.exe C:\Program Files\Steam\Steam.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O1 - Hosts: ::1 localhost O1 - Hosts: 217.20.175.74 www.review.2009softwarereviews.com O1 - Hosts: 217.20.175.74 www.d1.reviews.cnet.com O1 - Hosts: 217.20.175.74 www.reviews.toptenreviews.com O1 - Hosts: 217.20.175.74 reviews.toptenreviews.com O1 - Hosts: 217.20.175.74 www.reviews.download.com O1 - Hosts: 217.20.175.74 www.reviews.pcadvisor.c.uk O1 - Hosts: 217.20.175.74 www.reviews.pcmag.com O1 - Hosts: 217.20.175.74 www.reviews.pcpro.co.uk O1 - Hosts: 217.20.175.74 www.reviews.reevoo.com O1 - Hosts: 217.20.175.74 reviews.reevoo.com O1 - Hosts: 217.20.175.74 www.reviews.riverstreams.co.uk O1 - Hosts: 217.20.175.74 www.reviews.techradar.com O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - Startup: Logitech G-series Keyboard Profiler.lnk = C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe O4 - Startup: sttray.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll O20 - AppInit_DLLs: rogunia.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll,avgrsstx.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing) O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe -- End of file - 4617 bytes
  8. Hi guys, I really appreciate you taking time from your life to help me. The problem is that my PC is running really slow for some reason. My CPU usage is crazy and I have processes running that I don't even know about. Before my computer was running slow I upgraded it to 4GB of Ram and it started running smooth as ice. But then it started running slower and slower to the point that I don't even want to play my video games anymore . I tried updating video drivers, but no help. I ran a couple of virus scans only to come up with nothing. I don't know what the problem is. I hope you guys can figure it out, Im no expert at these logs...yet, but I don't see anything out of the ordinary. Here is my log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:02:33 PM, on 10/22/2008 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v8.00 (8.00.6001.17184) Boot mode: Normal Running processes: C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\IDT\WDM\sttray.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Windows\System32\rundll32.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Windows\ehome\ehtray.exe C:\Program Files\DNA\btdna.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\Program Files\Red Kawa\Video Converter App\Tools\FFmpeg\ffmpeg.exe C:\Windows\system32\Dwm.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Windows\system32\DllHost.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {1395FDB0-9546-44AC-B4EA-EDE30B6B3A1A} - C:\Windows\system32\atmf.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe O4 - HKLM\..\Run: [setPoint] C:\Program Files\Logitech\SetPoint\SetPoint.EXE O4 - HKLM\..\Run: [Launch LgDevAgt] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe" O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe" O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: NetCom3 Service (Netcom3) - Unknown owner - C:\Program Files\Netcom3 Cleaner\PSCMonitor.exe (file missing) O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe -- End of file - 5687 bytes
  9. First of I would like to say I love this site and all your guys help for various things. Now my problem is that Windows Live One Care cant be uninstalled for whatever reason. I ran Windows Deffender and Spybot Search and destroy and Spysweepr, and Adaware se-personal. I did all these various checkups and it keeps picking up the same viruses and bugs every time I scan. Everything is laggy and none of my games are launching. Please help me because I ran out of things to do. Oh and system restor is not working. Logfile of HijackThis v1.99.1 Scan saved at 2:47:44 PM, on 1/24/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS C:\WINDOWS\system32\svchost.exe C:\Program Files\Microsoft Windows OneCare Live\winss.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe C:\Program Files\Digital Media Reader\shwiconem.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\WinRAR\WinRAR.exe C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX49.406\HijackThis.exe R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O4 - HKLM\..\Run: [sunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" O4 - HKCU\..\Run: [steam] "c:\program files\steam\steam.exe" -silent O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/...nSSWebAgent.CAB O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1169656693421 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: MSMPSVC - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe" -n 4 (file missing) O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS