PC slow & browser crashes:

mrhead

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Ultimate, Service Pack 1, 32 bit
Processor: Intel(R) Core(TM) i5 CPU 750 @ 2.67GHz, x64 Family 6 Model 30 Stepping 5
Processor Count: 4
RAM: 3063 Mb
Graphics Card: NVIDIA GeForce 9500 GT, 1024 Mb
Hard Drives: C: Total - 953866 MB, Free - 892999 MB; D: Total - 61057 MB, Free - 60965 MB; F: Total - 2384654 MB, Free - 363700 MB; G: Total - 190779 MB, Free - 69943 MB;
Motherboard: BIOSTAR Group, T5XE CFX-SLI
Antivirus: McAfee Anti-Virus and Anti-Spyware, Updated and Enabled

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:24:30 PM, on 12/22/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\ATT-SST\McciTrayApp.exe
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Users\Tommy D\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\What's my computer doing\WhatsMyComputerDoing.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Windows\system32\taskhost.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
c:\program files\real\realplayer\update\realsched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
F:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
R3 - URLSearchHook: (no name) - {687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: ShopAtHome - {66516A07-F617-488A-90CF-4E690CFB3C5F} - C:\Users\Tommy D\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120623074428.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: ShopAtHome.com Toolbar - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Users\Tommy D\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\McciTrayApp.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ShopAtHomeWatcher] C:\Users\Tommy D\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [tcactive] C:\Program Files\The Cleaner\tcap.exe
O4 - HKCU\..\Run: [{6FAFC93D-808D-9A63-41E3-34FE375B2526}] "C:\Users\Tommy D\AppData\Roaming\Irciy\qoqe.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3609685801-731876030-2350830923-1004\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3609685801-731876030-2350830923-1004\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Global Startup: What's my computer doing.lnk = C:\Program Files\What's my computer doing\WhatsMyComputerDoing.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\mcsniepl.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Acronis Nonstop Backup Service (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files\Browny02\BrYNSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:\Windows\system32\hasplms.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McciServiceHost - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciServiceHost.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: pcCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\pcCMService.exe
O23 - Service: pcServiceHost - Alcatel-Lucent - C:\Program Files\Common Files\Motive\pcServiceHost.exe
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 13907 bytes

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2
Run by Tommy D at 12:25:22 on 2012-12-22
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3063.1931 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\hasplms.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\system32\mfevtps.exe
C:\Program Files\Common Files\Motive\pcCMService.exe
C:\Program Files\Common Files\Motive\pcServiceHost.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\ATT-SST\McciTrayApp.exe
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Users\Tommy D\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\What's my computer doing\WhatsMyComputerDoing.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Browny02\BrYNSvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
c:\program files\real\realplayer\update\realsched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://att.yahoo.com/
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
uURLSearchHooks: {687578b9-7132-4a7a-80e4-30ee31099e03} - <orphaned>
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: ShopAtHome.com Cash Back Helper: {66516A07-F617-488A-90CF-4E690CFB3C5F} - c:\users\tommy d\appdata\roaming\shopathome\shopathometoolbar\tbcore3U.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120623074428.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: ShopAtHome.com Toolbar: {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - c:\users\tommy d\appdata\roaming\shopathome\shopathometoolbar\tbcore3U.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: ShopAtHome.com Toolbar: {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - c:\users\tommy d\appdata\roaming\shopathome\shopathometoolbar\tbcore3U.dll
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRun: [tcactive] c:\program files\the cleaner\tcap.exe
uRun: [{6FAFC93D-808D-9A63-41E3-34FE375B2526}] "c:\users\tommy d\appdata\roaming\irciy\qoqe.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\programdata\scansoft\paperport\11\config\ereg\Ereg.ini"
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [BrStsMon00] c:\program files\browny02\brother\BrStMonW.exe /AUTORUN
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [TrueImageMonitor.exe] "c:\program files\acronis\trueimagehome\TrueImageMonitor.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\McciTrayApp.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ShopAtHomeWatcher] c:\users\tommy d\appdata\roaming\shopathome\shopathomehelper\ShopAtHomeWatcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\what's~1.lnk - c:\program files\what's my computer doing\WhatsMyComputerDoing.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
Trusted Zone: $talisma_url$
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{1BDE4D9C-A1DA-4CBE-9782-365279697A4C} : DHCPNameServer = 192.168.1.254
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files\mcafee\msc\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-10-15 565352]
R0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-4-3 210136]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\drivers\tdrpm273.sys [2012-4-15 752128]
R2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2012-4-15 3246040]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2012-12-19 100216]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-11-28 167784]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-11-28 167784]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-11-28 167784]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-11-28 167784]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2012-4-3 203400]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2012-4-3 168880]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-4-3 167344]
R2 pcCMService;pcCMService;c:\program files\common files\motive\pcCMService.exe [2012-9-24 361472]
R2 pcServiceHost;pcServiceHost;c:\program files\common files\motive\pcServiceHost.exe [2012-9-24 342016]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2012-3-30 681016]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-10-2 382824]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2012-4-15 167968]
R3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\drivers\BrSerIb.sys [2010-1-19 71424]
R3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\drivers\BrUsbSib.sys [2010-1-19 11520]
R3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2012-4-3 245760]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-4-3 60480]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2012-4-3 234824]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-4-3 362640]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-1 139776]
R3 SCTDriverV1011;SCTDriverV1011;c:\windows\system32\drivers\SCTDriverV1011.sys [2010-5-10 202800]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 McciServiceHost;McciServiceHost;c:\program files\common files\motive\McciServiceHost.exe [2012-5-8 315392]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-11-28 146872]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2012-4-3 65488]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-4-3 92192]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2011-12-16 15544]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2012-8-17 15576]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2012-8-17 10200]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-4-3 15872]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2012-12-20 27192]
S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2012-3-30 1295416]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-4-4 52224]
S3 ubloxusb;ubloxusb;c:\windows\system32\drivers\ubloxusb.sys [2011-11-30 75264]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-4-4 1343400]
S4 PanService;PandoraService;c:\program files\pandora.tv\panservice\PandoraService.exe [2012-7-22 625816]
.
=============== Created Last 30 ================
.
2012-12-21 08:00:44 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 08:00:44 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-20 19:29:50 -------- d-----w- c:\users\tommy d\appdata\local\VS Revo Group
2012-12-20 19:29:47 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2012-12-20 19:29:45 -------- d-----w- c:\program files\VS Revo Group
2012-12-19 12:09:18 100216 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2012-12-14 16:13:54 -------- d-----w- c:\program files\AOL Toolbar
2012-12-12 14:47:31 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-12-12 14:47:29 376832 ----a-w- c:\windows\system32\dpnet.dll
2012-11-30 22:28:44 -------- d-----w- c:\users\tommy d\appdata\roaming\ShopAtHome
2012-11-29 04:29:29 146872 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
.
==================== Find3M ====================
.
2012-12-12 12:37:30 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-12 12:37:30 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-09 11:56:16 60480 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-11-09 11:53:32 210136 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2012-11-09 11:53:22 167344 ----a-w- c:\windows\system32\mfevtps.exe
2012-11-09 11:52:22 9648 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-11-09 11:52:12 92192 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-11-09 11:51:12 565352 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-11-09 11:50:20 362640 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-11-09 11:50:00 65488 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2012-11-09 11:49:40 234824 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-11-09 11:49:10 132912 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2012-10-31 20:10:14 773968 ----a-w- c:\windows\system32\msvcr100.dll
2012-10-31 20:10:14 138056 ----a-w- c:\windows\system32\atl100.dll
2012-10-16 07:39:52 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-11 02:15:04 1867112 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-10-11 02:15:00 2574696 ----a-w- c:\windows\system32\nvcuvid.dll
2012-10-11 02:14:50 888168 ----a-w- c:\windows\system32\nvdispgenco32.dll
2012-10-11 02:14:50 12501352 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-10-11 02:14:46 17559912 ----a-w- c:\windows\system32\nvcompiler.dll
2012-10-11 02:14:44 2428776 ----a-w- c:\windows\system32\nvapi.dll
2012-10-11 02:14:42 7697768 ----a-w- c:\windows\system32\nvcuda.dll
2012-10-11 02:14:28 10837352 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-10-11 02:14:22 19906920 ----a-w- c:\windows\system32\nvoglv32.dll
2012-10-11 02:14:22 1009512 ----a-w- c:\windows\system32\nvdispco32.dll
2012-10-11 02:14:16 6127464 ----a-w- c:\windows\system32\nvopencl.dll
2012-10-11 02:14:16 15309160 ----a-w- c:\windows\system32\nvd3dum.dll
2012-10-09 17:40:31 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-04 16:47:18 169984 ----a-w- c:\windows\system32\winsrv.dll
2012-10-04 16:43:05 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-10-04 14:57:58 271360 ----a-w- c:\windows\system32\conhost.exe
2012-10-04 14:41:50 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-10-04 14:41:50 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-04 14:41:50 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-10-04 14:41:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-10-03 16:58:30 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-10-03 16:42:26 52224 ----a-w- c:\windows\system32\nlaapi.dll
2012-10-03 16:42:26 242176 ----a-w- c:\windows\system32\nlasvc.dll
2012-10-03 16:42:24 18944 ----a-w- c:\windows\system32\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- c:\windows\system32\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- c:\windows\system32\ncsi.dll
2012-10-03 16:40:35 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-10-03 15:21:38 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-10-02 19:29:42 645992 ----a-w- c:\windows\system32\nvvsvc.exe
2012-10-02 19:29:41 62312 ----a-w- c:\windows\system32\nvshext.dll
2012-10-02 19:29:41 2557288 ----a-w- c:\windows\system32\nvsvcr.dll
2012-10-02 19:29:41 108392 ----a-w- c:\windows\system32\nvmctray.dll
2012-10-02 19:29:22 2853224 ----a-w- c:\windows\system32\nvsvc.dll
2012-10-02 19:28:53 3965288 ----a-w- c:\windows\system32\nvcpl.dll
2012-10-02 18:15:52 430952 ----a-w- c:\windows\system32\nvStreaming.exe
2012-09-25 22:47:43 78336 ----a-w- c:\windows\system32\synceng.dll
2012-09-25 03:16:36 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
============= FINISH: 12:26:14.71 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume2
Install Date: 4/3/2012 7:12:01 AM
System Uptime: 12/21/2012 3:09:06 AM (33 hours ago)
.
Motherboard: BIOSTAR Group | | T5XE CFX-SLI
Processor: Intel(R) Core(TM) i5 CPU 750 @ 2.67GHz | CPU 1 | 2507/133mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 932 GiB total, 872.072 GiB free.
D: is FIXED (NTFS) - 60 GiB total, 59.537 GiB free.
E: is CDROM ()
F: is FIXED (NTFS) - 2329 GiB total, 355.177 GiB free.
G: is FIXED (NTFS) - 186 GiB total, 68.304 GiB free.
H: is Removable
I: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP177: 12/13/2012 4:56:27 AM - Windows Update
RP178: 12/16/2012 7:00:17 PM - Windows Backup
RP179: 12/21/2012 3:00:12 AM - Windows Update
RP181: 12/21/2012 2:56:46 PM - Revo Uninstaller Pro's restore point - OnDemand5
RP183: 12/21/2012 3:22:42 PM - Installed OnDemand5
RP184: 12/21/2012 3:41:26 PM - Installed ALLDATA Repair
.
==== Installed Programs ======================
.
µTorrent
Acronis*True*Image*Home 2011
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
Adobe Shockwave Player 11.6
Adobe SVG Viewer 3.0
Adobe Widget Browser
Angry Birds HD for PC Premium Collection of 2012 Full
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
Ashampoo Burning Studio 9.20
AT&T Portal
AT&T Troubleshoot & Resolve Tool
Avery Wizard 4.0
BitPim 1.0.7
Bonjour
Brother MFL-Pro Suite MFC-J615W
CCleaner
CCScore
Compatibility Pack for the 2007 Office system
Corvette Screensaver C1-C6
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DSDownloader 2.2.2.6
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
FNC 11 Installer
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GoToMeeting 5.1.0.880
iCare Data Recovery Professional 4.6.4
Internet Download Manager
Internet Explorer (Enable DEP)
iTunes
Java 7 Update 9
Java Auto Updater
JavaFX 2.1.1
Kodak EasyShare software
LG USB Modem driver
LightScribe System Software
LightScribe Template Labeler
Mac Blu-ray Player
McAfee SecurityCenter
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft DirectX SDK (June 2010)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
MiniTool Partition Wizard Home Edition 7.5
Monster Resume Easy Submit
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
netbrdg
NVIDIA 3D Vision Driver 306.97
NVIDIA Control Panel 306.97
NVIDIA Graphics Driver 306.97
NVIDIA Install Application
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.10.8
NVIDIA Update Components
OfotoXMI
OnDemand5
Pandora Service
PaperPort Image Printer
Plus Pack for Acronis True Image Home 2011
PxMergeModule
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Revo Uninstaller Pro 2.5.8
ScanSoft PaperPort 11
SCT Device Updater
SCTDriversV1011x86
Secunia PSI (3.0.0.0006)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2687508) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
SFR
Shared C Run-time for x86
SHASTA
ShopAtHome.com Helper
ShopAtHome.com Toolbar
skin0001
SKINXSDK
SkyTrx 2006
staticcr
swMSM
The Cleaner 2012
The KMPlayer (remove only)
Trinity USB Drivers 1.1.1.1
UltraISO Premium V9.33
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
VCM Suite (Beta)
VPRINTOL
What's my computer doing 1.xx
Windows Driver Package - DIABLO (usbser) Ports (01/30/2009 1.1.1.1)
Windows Driver Package - Innovate Motorsports Innovate USB Driver (10/12/2009 1.4.1.0)
WinRAR 4.11 (32-bit)
WinX DVD Ripper Platinum 6.0.0
WIRELESS
Xilisoft Blu Ray Ripper
.
==== Event Viewer Messages From Past Week ========
.
12/21/2012 3:32:44 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
12/20/2012 6:38:24 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user TommyD-PC\Tommy D SID (S-1-5-21-3609685801-731876030-2350830923-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
12/20/2012 2:32:41 PM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
12/19/2012 4:50:34 AM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
12/19/2012 4:50:34 AM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
12/17/2012 8:05:38 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR3.
12/16/2012 8:46:30 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {0C0A3666-30C9-11D0-8F20-00805F2CD064} and APPID {9209B1A6-964A-11D0-9372-00A0C9034910} to the user TommyD-PC\Tommy D SID (S-1-5-21-3609685801-731876030-2350830923-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
.
==== End Of File ===========================

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-12-22 12:58:54
Windows 6.1.7601 Service Pack 1 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP5T0L0-6 WDC_WD1001FALS-00E8B0 rev.05.00K05
Running: dyvpwpp0.exe; Driver: C:\Users\TOMMYD~1\AppData\Local\Temp\fwriipoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateKey [0x8301BFE2]
SSDT \SystemRoot\system32\ntkrnlpa.exe[unknown section] [8301BFE2] ZwCreateKey [0x8301BFE2]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenKey [0x8301BFE7]
SSDT \SystemRoot\system32\ntkrnlpa.exe[unknown section] [8301BFE7] ZwOpenKey [0x8301BFE7]

INT 0x03 \SystemRoot\system32\ntkrnlpa.exe[unknown section] 8301BFF6

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 83058A49 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 830924D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11BF 830995F4 3 Bytes [E2, BF, 01]
.text ntkrnlpa.exe!KeRemoveQueueEx + 137F 830997B4 3 Bytes [E7, BF, 01]
.text C:\Windows\system32\drivers\aksfridge.sys section is writeable [0x9E55F000, 0x47E35, 0xE0000020]
.init C:\Windows\system32\drivers\aksfridge.sys entry point in ".init" section [0x9E5B3224]
.init C:\Windows\system32\drivers\aksfridge.sys unknown last code section [0x9E5B3000, 0x4000, 0xE20000E0]
.text C:\Windows\system32\drivers\hardlock.sys section is writeable [0x9E200400, 0x6E6E2, 0xE8000020]
.protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0x9E28A820] C:\Windows\system32\drivers\hardlock.sys entry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0x9E28A820]
.protectÿÿÿÿhardlockunknown last code section [0x9E28A600, 0x512A, 0xE0000020] C:\Windows\system32\drivers\hardlock.sys unknown last code section [0x9E28A600, 0x512A, 0xE0000020]
? C:\Users\TOMMYD~1\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[2080] kernel32.dll!LoadLibraryA 77A9DC65 5 Bytes JMP 6DE98360 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[2080] kernel32.dll!LoadLibraryW 77A9EF42 5 Bytes JMP 6DE98460 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\program files\real\realplayer\update\realsched.exe[16776] kernel32.dll!SetUnhandledExceptionFilter 77A9F4FB 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs tdrpm273.sys (Acronis Try&Decide Volume Filter Driver/Acronis)

Device \Driver\ACPI_HAL \Device\00000052 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 tdrpm273.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 tdrpm273.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 tdrpm273.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 tdrpm273.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 tdrpm273.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\Disk \Device\Harddisk0\DR0 aksfridge.sys
Device \Driver\Disk \Device\Harddisk1\DR1 aksfridge.sys
Device \Driver\Disk \Device\Harddisk2\DR2 aksfridge.sys
Device \Driver\Disk \Device\Harddisk3\DR3 aksfridge.sys
Device \Driver\Disk \Device\Harddisk4\DR4 aksfridge.sys

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat tdrpm273.sys (Acronis Try&Decide Volume Filter Driver/Acronis)

---- EOF - GMER 1.0.15 ----
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,470
Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from the following link :-

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

  • Ensure that Combofix is saved directly to the Desktop <--- Very important
  • Disable all security programs as they will have a negative effect on Combofix; instructions are available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed; if you need more help please ask.
  • Close any open browsers and any other programs you might have running
  • Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
  • Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.
  • If you are using Windows XP, it might display a pop-up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autoruns is recommended.

*EXTRA NOTES*
  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post the log in next reply please...

Kevin
 

mrhead

Thread Starter
Joined
Apr 1, 2007
Messages
8
ComboFix 12-12-28.02 - Tommy D 12/28/2012 13:30:20.4.4 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3063.1771 [GMT -5:00]
Running from: c:\users\Tommy D\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Public\sdelevURL.tmp
c:\users\Tommy D\AppData\Local\assembly\tmp
c:\users\Tommy D\AppData\Roaming\Irciy\qoqe.exe
c:\users\Tommy D\g2mdlhlpx.exe
c:\windows\7Loader.TAG
c:\windows\system32\logs
c:\windows\system32\SET2B37.tmp
c:\windows\system32\SET2C24.tmp
F:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2012-11-28 to 2012-12-28 )))))))))))))))))))))))))))))))
.
.
2012-12-21 08:00 . 2012-12-16 14:13 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 08:00 . 2012-12-16 14:13 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-20 19:29 . 2012-12-20 19:29 -------- d-----w- c:\users\Tommy D\AppData\Local\VS Revo Group
2012-12-20 19:29 . 2009-12-30 16:21 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2012-12-20 19:29 . 2012-12-20 19:29 -------- d-----w- c:\program files\VS Revo Group
2012-12-19 12:09 . 2012-11-22 00:43 100216 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2012-12-14 16:13 . 2012-12-14 16:17 -------- d-----w- c:\program files\AOL Toolbar
2012-12-12 14:48 . 2012-10-04 16:47 169984 ----a-w- c:\windows\system32\winsrv.dll
2012-12-12 14:47 . 2012-11-22 02:56 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-12-12 14:47 . 2012-11-02 05:11 376832 ----a-w- c:\windows\system32\dpnet.dll
2012-11-30 22:28 . 2012-11-30 22:28 -------- d-----w- c:\users\Tommy D\AppData\Roaming\ShopAtHome
2012-11-29 04:29 . 2012-04-20 21:40 146872 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 12:37 . 2012-04-03 13:24 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-12 12:37 . 2012-04-03 13:24 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-09 11:56 . 2012-04-03 11:46 60480 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-11-09 11:53 . 2012-04-03 11:46 210136 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2012-11-09 11:53 . 2012-04-03 11:39 167344 ----a-w- c:\windows\system32\mfevtps.exe
2012-11-09 11:52 . 2012-04-03 11:46 9648 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-11-09 11:52 . 2012-04-03 11:46 92192 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-11-09 11:51 . 2011-10-15 16:16 565352 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-11-09 11:50 . 2012-04-03 11:46 362640 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-11-09 11:50 . 2012-04-03 11:46 65488 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2012-11-09 11:49 . 2012-04-03 11:46 234824 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-11-09 11:49 . 2011-10-15 16:16 132912 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2012-10-31 20:10 . 2012-10-31 20:10 773968 ----a-w- c:\windows\system32\msvcr100.dll
2012-10-31 20:10 . 2012-10-31 20:10 138056 ----a-w- c:\windows\system32\atl100.dll
2012-10-16 07:39 . 2012-11-27 20:56 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-11 02:15 . 2012-10-11 02:15 1867112 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-10-11 02:15 . 2012-10-11 02:15 2574696 ----a-w- c:\windows\system32\nvcuvid.dll
2012-10-11 02:14 . 2012-10-11 02:14 888168 ----a-w- c:\windows\system32\nvdispgenco32.dll
2012-10-11 02:14 . 2009-07-13 22:09 12501352 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-10-11 02:14 . 2012-10-11 02:14 17559912 ----a-w- c:\windows\system32\nvcompiler.dll
2012-10-11 02:14 . 2012-10-11 02:14 2428776 ----a-w- c:\windows\system32\nvapi.dll
2012-10-11 02:14 . 2012-10-11 02:14 7697768 ----a-w- c:\windows\system32\nvcuda.dll
2012-10-11 02:14 . 2012-10-11 02:14 10837352 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-10-11 02:14 . 2012-10-11 02:14 19906920 ----a-w- c:\windows\system32\nvoglv32.dll
2012-10-11 02:14 . 2012-02-10 02:43 1009512 ----a-w- c:\windows\system32\nvdispco32.dll
2012-10-11 02:14 . 2012-10-11 02:14 6127464 ----a-w- c:\windows\system32\nvopencl.dll
2012-10-11 02:14 . 2012-10-11 02:14 15309160 ----a-w- c:\windows\system32\nvd3dum.dll
2012-10-09 17:40 . 2012-11-15 07:31 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-15 07:31 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-03 16:58 . 2012-11-15 07:31 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-10-03 16:42 . 2012-11-15 07:31 242176 ----a-w- c:\windows\system32\nlasvc.dll
2012-10-03 16:42 . 2012-11-15 07:31 52224 ----a-w- c:\windows\system32\nlaapi.dll
2012-10-03 16:42 . 2012-11-15 07:31 175104 ----a-w- c:\windows\system32\netcorehc.dll
2012-10-03 16:42 . 2012-11-15 07:31 18944 ----a-w- c:\windows\system32\netevent.dll
2012-10-03 16:42 . 2012-11-15 07:31 156672 ----a-w- c:\windows\system32\ncsi.dll
2012-10-03 16:40 . 2012-11-15 07:31 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-10-03 15:21 . 2012-11-15 07:31 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-10-02 19:29 . 2012-11-18 08:02 645992 ----a-w- c:\windows\system32\nvvsvc.exe
2012-10-02 19:29 . 2012-11-18 08:02 62312 ----a-w- c:\windows\system32\nvshext.dll
2012-10-02 19:29 . 2012-11-18 08:02 2557288 ----a-w- c:\windows\system32\nvsvcr.dll
2012-10-02 19:29 . 2012-11-18 08:02 108392 ----a-w- c:\windows\system32\nvmctray.dll
2012-10-02 19:29 . 2012-11-18 08:02 2853224 ----a-w- c:\windows\system32\nvsvc.dll
2012-10-02 19:28 . 2012-11-18 08:02 3965288 ----a-w- c:\windows\system32\nvcpl.dll
2012-10-02 18:15 . 2012-10-02 18:15 430952 ----a-w- c:\windows\system32\nvStreaming.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66516A07-F617-488A-90CF-4E690CFB3C5F}]
2012-10-18 16:10 2572728 ----a-w- c:\users\Tommy D\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{311B58DC-A4DC-4B04-B1B5-60299AD3D803}"= "c:\users\Tommy D\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll" [2012-10-18 2572728]
.
[HKEY_CLASSES_ROOT\clsid\{311b58dc-a4dc-4b04-b1b5-60299ad3d803}]
[HKEY_CLASSES_ROOT\ShopAtHome.ShopAtHome.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\ShopAtHome.ShopAtHome]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{311B58DC-A4DC-4B04-B1B5-60299AD3D803}"= "c:\users\Tommy D\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll" [2012-10-18 2572728]
.
[HKEY_CLASSES_ROOT\clsid\{311b58dc-a4dc-4b04-b1b5-60299ad3d803}]
[HKEY_CLASSES_ROOT\ShopAtHome.ShopAtHome.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\ShopAtHome.ShopAtHome]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07 21904 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2012-12-12 3541008]
"tcactive"="c:\program files\The Cleaner\tcap.exe" [2012-08-05 4769384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1278648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-10 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-10 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-02-09 2621440]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-09-23 5550984]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2010-07-27 1573888]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2012-08-16 296096]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-05 36760]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-05 2904984]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"ShopAtHomeWatcher"="c:\users\Tommy D\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe" [2012-10-18 103864]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
What's my computer doing.lnk - c:\program files\What's my computer doing\WhatsMyComputerDoing.exe [2012-9-6 274168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2011-09-23 00:30 394832 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2012-07-02 19:46 2736128 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SAOB Monitor]
2011-09-22 20:00 2536760 ----a-w- c:\program files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 13:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
R2 McciServiceHost;McciServiceHost;c:\program files\Common Files\Motive\McciServiceHost.exe [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [x]
R3 ubloxusb;ubloxusb;c:\windows\system32\DRIVERS\ubloxusb.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 PanService;PandoraService;c:\program files\PANDORA.TV\PanService\PandoraService.exe [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [x]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [x]
S2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 pcCMService;pcCMService;c:\program files\Common Files\Motive\pcCMService.exe [x]
S2 pcServiceHost;pcServiceHost;c:\program files\Common Files\Motive\pcServiceHost.exe [x]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
S3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [x]
S3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [x]
S3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 SCTDriverV1011;SCTDriverV1011;c:\windows\system32\drivers\SCTDriverV1011.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2012-07-02 19:40 453736 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 12:37]
.
2012-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-04 10:25]
.
2012-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-04 10:25]
.
2012-12-27 c:\windows\Tasks\ReclaimerUpdateFiles_Tommy D.job
- c:\users\Tommy D\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-21 23:24]
.
2012-12-28 c:\windows\Tasks\ReclaimerUpdateXML_Tommy D.job
- c:\users\Tommy D\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-21 23:24]
.
2012-12-28 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Tommy D.job
- c:\users\Tommy D\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-21 23:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
Trusted Zone: $talisma_url$
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
HKCU-Run-{6FAFC93D-808D-9A63-41E3-34FE375B2526} - c:\users\Tommy D\AppData\Roaming\Irciy\qoqe.exe
MSConfigStartUp-AnyDVD - c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3609685801-731876030-2350830923-1001_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):73,4b,fb,ac,c3,02,13,a2,a8,7d,86,bc,d9,57,82,61,33,e0,89,60,1f,
da,75,d8,fe,00,79,0a,2a,18,e0,0b,c6,1c,4e,4c,b8,56,f0,72,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-3609685801-731876030-2350830923-1001_Classes\CLSID\{f5181c58-41af-4b42-bc27-c653326313e2}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000e5
"Therad"=dword:00000021
"MData"=hex(0):93,1e,cb,fa,6f,65,9c,3b,a5,db,13,73,e0,a0,de,de,a7,89,52,79,16,
c8,60,29,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-12-28 13:39:04
ComboFix-quarantined-files.txt 2012-12-28 18:39
.
Pre-Run: 936,769,835,008 bytes free
Post-Run: 937,793,421,312 bytes free
.
- - End Of File - - 6ADDF9E841C64B0DFE872CE31B189194
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,470
Continue as follows:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the Codebox below into it:

Code:
File::
c:\users\Tommy D\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll
ClearJavaCache::

Save this as CFScript.txt, and as Type: All Files (*.*), in the same location as ComboFix.exe.

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Next,

Run Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - on Vista and Win 7, right click on the IE shortcut and run as admin.

Go to the ESET web page http://www.eset.com/home/products/online-scanner/ to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    Click Start
  • When asked, allow the add/on to be installed
    Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish
When the scan is complete

If no threats were found

  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found
If threats were found

  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here

Next,

Download AdwCleaner by Xplode from http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner onto your Desktop.

  • Please close all open programs and internet browsers.
  • Double click on Adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

Post those 3 logs, give an update on any remaining issues or concerns...

Kevin
 

mrhead

Thread Starter
Joined
Apr 1, 2007
Messages
8
ComboFix 12-12-28.02 - Tommy D 12/28/2012 16:23:06.5.4 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3063.2011 [GMT -5:00]
Running from: c:\users\Tommy D\Desktop\ComboFix.exe
Command switches used :: c:\users\Tommy D\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Tommy D\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Tommy D\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-11-28 to 2012-12-28 )))))))))))))))))))))))))))))))
.
.
2012-12-28 21:29 . 2012-12-28 21:29 -------- d-----w- c:\users\Tommy D\AppData\Local\temp
2012-12-21 08:00 . 2012-12-16 14:13 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 08:00 . 2012-12-16 14:13 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-20 19:29 . 2012-12-20 19:29 -------- d-----w- c:\users\Tommy D\AppData\Local\VS Revo Group
2012-12-20 19:29 . 2009-12-30 16:21 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2012-12-20 19:29 . 2012-12-20 19:29 -------- d-----w- c:\program files\VS Revo Group
2012-12-19 12:09 . 2012-11-22 00:43 100216 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2012-12-14 16:13 . 2012-12-14 16:17 -------- d-----w- c:\program files\AOL Toolbar
2012-12-12 14:48 . 2012-10-04 16:47 169984 ----a-w- c:\windows\system32\winsrv.dll
2012-12-12 14:47 . 2012-11-22 02:56 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-12-12 14:47 . 2012-11-02 05:11 376832 ----a-w- c:\windows\system32\dpnet.dll
2012-11-30 22:28 . 2012-11-30 22:28 -------- d-----w- c:\users\Tommy D\AppData\Roaming\ShopAtHome
2012-11-29 04:29 . 2012-04-20 21:40 146872 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 12:37 . 2012-04-03 13:24 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-12 12:37 . 2012-04-03 13:24 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-09 11:56 . 2012-04-03 11:46 60480 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-11-09 11:53 . 2012-04-03 11:46 210136 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2012-11-09 11:53 . 2012-04-03 11:39 167344 ----a-w- c:\windows\system32\mfevtps.exe
2012-11-09 11:52 . 2012-04-03 11:46 9648 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-11-09 11:52 . 2012-04-03 11:46 92192 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-11-09 11:51 . 2011-10-15 16:16 565352 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-11-09 11:50 . 2012-04-03 11:46 362640 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-11-09 11:50 . 2012-04-03 11:46 65488 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2012-11-09 11:49 . 2012-04-03 11:46 234824 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-11-09 11:49 . 2011-10-15 16:16 132912 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2012-10-31 20:10 . 2012-10-31 20:10 773968 ----a-w- c:\windows\system32\msvcr100.dll
2012-10-31 20:10 . 2012-10-31 20:10 138056 ----a-w- c:\windows\system32\atl100.dll
2012-10-16 07:39 . 2012-11-27 20:56 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-11 02:15 . 2012-10-11 02:15 1867112 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-10-11 02:15 . 2012-10-11 02:15 2574696 ----a-w- c:\windows\system32\nvcuvid.dll
2012-10-11 02:14 . 2012-10-11 02:14 888168 ----a-w- c:\windows\system32\nvdispgenco32.dll
2012-10-11 02:14 . 2009-07-13 22:09 12501352 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-10-11 02:14 . 2012-10-11 02:14 17559912 ----a-w- c:\windows\system32\nvcompiler.dll
2012-10-11 02:14 . 2012-10-11 02:14 2428776 ----a-w- c:\windows\system32\nvapi.dll
2012-10-11 02:14 . 2012-10-11 02:14 7697768 ----a-w- c:\windows\system32\nvcuda.dll
2012-10-11 02:14 . 2012-10-11 02:14 10837352 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-10-11 02:14 . 2012-10-11 02:14 19906920 ----a-w- c:\windows\system32\nvoglv32.dll
2012-10-11 02:14 . 2012-02-10 02:43 1009512 ----a-w- c:\windows\system32\nvdispco32.dll
2012-10-11 02:14 . 2012-10-11 02:14 6127464 ----a-w- c:\windows\system32\nvopencl.dll
2012-10-11 02:14 . 2012-10-11 02:14 15309160 ----a-w- c:\windows\system32\nvd3dum.dll
2012-10-09 17:40 . 2012-11-15 07:31 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-15 07:31 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-03 16:58 . 2012-11-15 07:31 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-10-03 16:42 . 2012-11-15 07:31 242176 ----a-w- c:\windows\system32\nlasvc.dll
2012-10-03 16:42 . 2012-11-15 07:31 52224 ----a-w- c:\windows\system32\nlaapi.dll
2012-10-03 16:42 . 2012-11-15 07:31 175104 ----a-w- c:\windows\system32\netcorehc.dll
2012-10-03 16:42 . 2012-11-15 07:31 18944 ----a-w- c:\windows\system32\netevent.dll
2012-10-03 16:42 . 2012-11-15 07:31 156672 ----a-w- c:\windows\system32\ncsi.dll
2012-10-03 16:40 . 2012-11-15 07:31 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-10-03 15:21 . 2012-11-15 07:31 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-10-02 19:29 . 2012-11-18 08:02 645992 ----a-w- c:\windows\system32\nvvsvc.exe
2012-10-02 19:29 . 2012-11-18 08:02 62312 ----a-w- c:\windows\system32\nvshext.dll
2012-10-02 19:29 . 2012-11-18 08:02 2557288 ----a-w- c:\windows\system32\nvsvcr.dll
2012-10-02 19:29 . 2012-11-18 08:02 108392 ----a-w- c:\windows\system32\nvmctray.dll
2012-10-02 19:29 . 2012-11-18 08:02 2853224 ----a-w- c:\windows\system32\nvsvc.dll
2012-10-02 19:28 . 2012-11-18 08:02 3965288 ----a-w- c:\windows\system32\nvcpl.dll
2012-10-02 18:15 . 2012-10-02 18:15 430952 ----a-w- c:\windows\system32\nvStreaming.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07 21904 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2012-12-12 3541008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1278648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-10 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-10 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-02-09 2621440]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-09-23 5550984]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2012-08-16 296096]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-05 36760]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-05 2904984]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"ShopAtHomeWatcher"="c:\users\Tommy D\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe" [2012-10-18 103864]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2011-09-23 00:30 394832 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2012-07-02 19:46 2736128 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SAOB Monitor]
2011-09-22 20:00 2536760 ----a-w- c:\program files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 13:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
R2 McciServiceHost;McciServiceHost;c:\program files\Common Files\Motive\McciServiceHost.exe [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [x]
R3 ubloxusb;ubloxusb;c:\windows\system32\DRIVERS\ubloxusb.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [x]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [x]
S2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
S3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [x]
S3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [x]
S3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 SCTDriverV1011;SCTDriverV1011;c:\windows\system32\drivers\SCTDriverV1011.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2012-07-02 19:40 453736 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 12:37]
.
2012-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-04 10:25]
.
2012-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-04 10:25]
.
2012-12-27 c:\windows\Tasks\ReclaimerUpdateFiles_Tommy D.job
- c:\users\Tommy D\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-21 23:24]
.
2012-12-28 c:\windows\Tasks\ReclaimerUpdateXML_Tommy D.job
- c:\users\Tommy D\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-21 23:24]
.
2012-12-28 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Tommy D.job
- c:\users\Tommy D\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-21 23:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
Trusted Zone: $talisma_url$
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{66516A07-F617-488A-90CF-4E690CFB3C5F} - c:\users\Tommy D\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll
Toolbar-{311B58DC-A4DC-4B04-B1B5-60299AD3D803} - c:\users\Tommy D\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll
WebBrowser-{311B58DC-A4DC-4B04-B1B5-60299AD3D803} - c:\users\Tommy D\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll
AddRemove-ATT-SST-UversePortal - c:\program files\ATT-SST\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3609685801-731876030-2350830923-1001_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):73,4b,fb,ac,c3,02,13,a2,a8,7d,86,bc,d9,57,82,61,33,e0,89,60,1f,
da,75,d8,fe,00,79,0a,2a,18,e0,0b,c6,1c,4e,4c,b8,56,f0,72,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-3609685801-731876030-2350830923-1001_Classes\CLSID\{f5181c58-41af-4b42-bc27-c653326313e2}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000e5
"Therad"=dword:00000021
"MData"=hex(0):93,1e,cb,fa,6f,65,9c,3b,a5,db,13,73,e0,a0,de,de,a7,89,52,79,16,
c8,60,29,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-12-28 16:30:20
ComboFix-quarantined-files.txt 2012-12-28 21:30
.
Pre-Run: 951,200,628,736 bytes free
Post-Run: 950,919,213,056 bytes free
.
- - End Of File - - F84FB5B29FB3162A9A2C4D31F4123346

G:\Automotive_-_ALLDATA_Q111_v_10_40_FULL_INSTALL_PACKAGE.exe Win32/Adware.1ClickDownload application
G:\RecipeHub.exe Win32/AdInstaller application
G:\TotalRecipeSearch.exe Win32/AdInstaller application

# AdwCleaner v2.103 - Logfile created 12/28/2012 at 17:28:56
# Updated 25/12/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# User : Tommy D - TOMMYD-PC
# Boot Mode : Normal
# Running from : C:\Users\Tommy D\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\Users\Tommy D\AppData\Local\Conduit
Folder Deleted : C:\Users\Tommy D\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Folder Deleted : C:\Users\Tommy D\AppData\LocalLow\Conduit

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\PIP
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\076A5638850BB660C9206283848DD0A114C03B7F
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
Key Deleted : HKLM\Software\PIP

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Users\Tommy D\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [5568 octets] - [28/12/2012 17:28:56]

########## EOF - C:\AdwCleaner[S1].txt - [5628 octets] ##########

So far so good. It's definitely better. You have helped a lot.
Thanks...
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,470
download OTM from either of the following links and save to your Desktop:
http://oldtimer.geekstogo.com/OTM.exe.
http://www.itxassociates.com/OT-Tools/OTM.com
http://www.itxassociates.com/OT-Tools/OTM.exe
Double click OTM.exe to start the tool. Vista or Windows 7 users accept UAC alert. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion....
  • Copy the text from the code box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    :Files
    G:\Automotive_-_ALLDATA_Q111_v_10_40_FULL_INSTALL_PACKAGE.exe
    G:\RecipeHub.exe
    G:\TotalRecipeSearch.exe
    :Commands
    [EmptyTemp]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

Next,

Download Security Check by screen317 from either of the following:
http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe
Save it to your Desktop.
Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Post those two logs, let me know if there are any remaining issues or concerns...

Kevin
 

mrhead

Thread Starter
Joined
Apr 1, 2007
Messages
8
Kevin,

McAfee quarantined OTM as a virus, but I'm not concerned about those in my G drive as it is an external drive. Here is the security check log.

Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
McAfee Anti-Virus and Anti-Spyware
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Secunia PSI (3.0.0.0006)
JavaFX 2.1.1
Java 7 Update 9
Adobe Flash Player 11.5.502.135
Adobe Reader 10.1.4 Adobe Reader out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
Google Chrome 23.0.1271.91
Google Chrome 23.0.1271.95
Google Chrome 23.0.1271.97
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,470
OTM is not a Virus, some security applications may see it as such because of how it will work. Either accept the alert from McAfee and let OTM run, or turn McAfee off, then run OTM...
 