
PC slow & browser crashes:

Discussion in 'Virus & Other Malware Removal' started by mrhead, Dec 22, 2012.

mrhead (Thread Starter):

    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 7 Ultimate, Service Pack 1, 32 bit
    Processor: Intel(R) Core(TM) i5 CPU 750 @ 2.67GHz, x64 Family 6 Model 30 Stepping 5
    Processor Count: 4
    RAM: 3063 Mb
    Graphics Card: NVIDIA GeForce 9500 GT, 1024 Mb
    Hard Drives: C: Total - 953866 MB, Free - 892999 MB; D: Total - 61057 MB, Free - 60965 MB; F: Total - 2384654 MB, Free - 363700 MB; G: Total - 190779 MB, Free - 69943 MB;
    Motherboard: BIOSTAR Group, T5XE CFX-SLI
    Antivirus: McAfee Anti-Virus and Anti-Spyware, Updated and Enabled

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:24:30 PM, on 12/22/2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16457)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Browny02\Brother\BrStMonW.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files\ATT-SST\McciTrayApp.exe
    C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Users\Tommy D\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\Program Files\What's my computer doing\WhatsMyComputerDoing.exe
    C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
    C:\Program Files\Internet Download Manager\IEMonitor.exe
    C:\Windows\system32\taskhost.exe
    C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
    c:\program files\real\realplayer\update\realsched.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    F:\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    R3 - URLSearchHook: (no name) - {687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: ShopAtHome - {66516A07-F617-488A-90CF-4E690CFB3C5F} - C:\Users\Tommy D\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120623074428.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: ShopAtHome.com Toolbar - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Users\Tommy D\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll
    O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
    O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
    O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
    O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\McciTrayApp.exe"
    O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ShopAtHomeWatcher] C:\Users\Tommy D\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
    O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O4 - HKCU\..\Run: [tcactive] C:\Program Files\The Cleaner\tcap.exe
    O4 - HKCU\..\Run: [{6FAFC93D-808D-9A63-41E3-34FE375B2526}] "C:\Users\Tommy D\AppData\Roaming\Irciy\qoqe.exe"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-3609685801-731876030-2350830923-1004\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
    O4 - HKUS\S-1-5-21-3609685801-731876030-2350830923-1004\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
    O4 - Global Startup: What's my computer doing.lnk = C:\Program Files\What's my computer doing\WhatsMyComputerDoing.exe
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\mcsniepl.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Acronis Nonstop Backup Service (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files\Browny02\BrYNSvc.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:\Windows\system32\hasplms.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McciServiceHost - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciServiceHost.exe
    O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
    O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    O23 - Service: pcCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\pcCMService.exe
    O23 - Service: pcServiceHost - Alcatel-Lucent - C:\Program Files\Common Files\Motive\pcServiceHost.exe
    O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe
    O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

    --
    End of file - 13907 bytes

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2
    Run by Tommy D at 12:25:22 on 2012-12-22
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3063.1931 [GMT -5:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\hasplms.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Windows\system32\mfevtps.exe
    C:\Program Files\Common Files\Motive\pcCMService.exe
    C:\Program Files\Common Files\Motive\pcServiceHost.exe
    C:\Program Files\Secunia\PSI\sua.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Windows\system32\rundll32.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Browny02\Brother\BrStMonW.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files\ATT-SST\McciTrayApp.exe
    C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Users\Tommy D\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\Program Files\What's my computer doing\WhatsMyComputerDoing.exe
    C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Program Files\Internet Download Manager\IEMonitor.exe
    C:\Program Files\Browny02\BrYNSvc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
    c:\program files\real\realplayer\update\realsched.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\svchost.exe -k SDRSVC
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://att.yahoo.com/
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
    uURLSearchHooks: {687578b9-7132-4a7a-80e4-30ee31099e03} - <orphaned>
    BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - c:\program files\internet download manager\IDMIECC.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: ShopAtHome.com Cash Back Helper: {66516A07-F617-488A-90CF-4E690CFB3C5F} - c:\users\tommy d\appdata\roaming\shopathome\shopathometoolbar\tbcore3U.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120623074428.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: ShopAtHome.com Toolbar: {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - c:\users\tommy d\appdata\roaming\shopathome\shopathometoolbar\tbcore3U.dll
    TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: ShopAtHome.com Toolbar: {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - c:\users\tommy d\appdata\roaming\shopathome\shopathometoolbar\tbcore3U.dll
    uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
    uRun: [tcactive] c:\program files\the cleaner\tcap.exe
    uRun: [{6FAFC93D-808D-9A63-41E3-34FE375B2526}] "c:\users\tommy d\appdata\roaming\irciy\qoqe.exe"
    mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
    mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
    mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\programdata\scansoft\paperport\11\config\ereg\Ereg.ini"
    mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
    mRun: [BrStsMon00] c:\program files\browny02\brother\BrStMonW.exe /AUTORUN
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
    mRun: [TrueImageMonitor.exe] "c:\program files\acronis\trueimagehome\TrueImageMonitor.exe"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\McciTrayApp.exe"
    mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [ShopAtHomeWatcher] c:\users\tommy d\appdata\roaming\shopathome\shopathomehelper\ShopAtHomeWatcher.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\what's~1.lnk - c:\program files\what's my computer doing\WhatsMyComputerDoing.exe
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
    IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
    IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    Trusted Zone: $talisma_url$
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: NameServer = 192.168.1.254
    TCP: Interfaces\{1BDE4D9C-A1DA-4CBE-9782-365279697A4C} : DHCPNameServer = 192.168.1.254
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files\mcafee\msc\McSnIePl.dll
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-10-15 565352]
    R0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-4-3 210136]
    R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\drivers\tdrpm273.sys [2012-4-15 752128]
    R2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2012-4-15 3246040]
    R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
    R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2012-12-19 100216]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-11-28 167784]
    R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-11-28 167784]
    R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-11-28 167784]
    R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-11-28 167784]
    R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2012-4-3 203400]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2012-4-3 168880]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-4-3 167344]
    R2 pcCMService;pcCMService;c:\program files\common files\motive\pcCMService.exe [2012-9-24 361472]
    R2 pcServiceHost;pcServiceHost;c:\program files\common files\motive\pcServiceHost.exe [2012-9-24 342016]
    R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2012-3-30 681016]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-10-2 382824]
    R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2012-4-15 167968]
    R3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\drivers\BrSerIb.sys [2010-1-19 71424]
    R3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\drivers\BrUsbSib.sys [2010-1-19 11520]
    R3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2012-4-3 245760]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-4-3 60480]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2012-4-3 234824]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-4-3 362640]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-1 139776]
    R3 SCTDriverV1011;SCTDriverV1011;c:\windows\system32\drivers\SCTDriverV1011.sys [2010-5-10 202800]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 McciServiceHost;McciServiceHost;c:\program files\common files\motive\McciServiceHost.exe [2012-5-8 315392]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-11-28 146872]
    S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2012-4-3 65488]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-4-3 92192]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2011-12-16 15544]
    S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2012-8-17 15576]
    S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2012-8-17 10200]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-4-3 15872]
    S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2012-12-20 27192]
    S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2012-3-30 1295416]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-4-4 52224]
    S3 ubloxusb;ubloxusb;c:\windows\system32\drivers\ubloxusb.sys [2011-11-30 75264]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-4-4 1343400]
    S4 PanService;PandoraService;c:\program files\pandora.tv\panservice\PandoraService.exe [2012-7-22 625816]
    .
    =============== Created Last 30 ================
    .
    2012-12-21 08:00:44 34304 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-21 08:00:44 295424 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-20 19:29:50 -------- d-----w- c:\users\tommy d\appdata\local\VS Revo Group
    2012-12-20 19:29:47 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
    2012-12-20 19:29:45 -------- d-----w- c:\program files\VS Revo Group
    2012-12-19 12:09:18 100216 ----a-w- c:\windows\system32\drivers\idmwfp.sys
    2012-12-14 16:13:54 -------- d-----w- c:\program files\AOL Toolbar
    2012-12-12 14:47:31 2345984 ----a-w- c:\windows\system32\win32k.sys
    2012-12-12 14:47:29 376832 ----a-w- c:\windows\system32\dpnet.dll
    2012-11-30 22:28:44 -------- d-----w- c:\users\tommy d\appdata\roaming\ShopAtHome
    2012-11-29 04:29:29 146872 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
    .
    ==================== Find3M ====================
    .
    2012-12-12 12:37:30 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-12-12 12:37:30 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll
    2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll
    2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll
    2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-11-09 11:56:16 60480 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2012-11-09 11:53:32 210136 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
    2012-11-09 11:53:22 167344 ----a-w- c:\windows\system32\mfevtps.exe
    2012-11-09 11:52:22 9648 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2012-11-09 11:52:12 92192 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2012-11-09 11:51:12 565352 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2012-11-09 11:50:20 362640 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2012-11-09 11:50:00 65488 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2012-11-09 11:49:40 234824 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2012-11-09 11:49:10 132912 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2012-10-31 20:10:14 773968 ----a-w- c:\windows\system32\msvcr100.dll
    2012-10-31 20:10:14 138056 ----a-w- c:\windows\system32\atl100.dll
    2012-10-16 07:39:52 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
    2012-10-11 02:15:04 1867112 ----a-w- c:\windows\system32\nvcuvenc.dll
    2012-10-11 02:15:00 2574696 ----a-w- c:\windows\system32\nvcuvid.dll
    2012-10-11 02:14:50 888168 ----a-w- c:\windows\system32\nvdispgenco32.dll
    2012-10-11 02:14:50 12501352 ----a-w- c:\windows\system32\nvwgf2um.dll
    2012-10-11 02:14:46 17559912 ----a-w- c:\windows\system32\nvcompiler.dll
    2012-10-11 02:14:44 2428776 ----a-w- c:\windows\system32\nvapi.dll
    2012-10-11 02:14:42 7697768 ----a-w- c:\windows\system32\nvcuda.dll
    2012-10-11 02:14:28 10837352 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2012-10-11 02:14:22 19906920 ----a-w- c:\windows\system32\nvoglv32.dll
    2012-10-11 02:14:22 1009512 ----a-w- c:\windows\system32\nvdispco32.dll
    2012-10-11 02:14:16 6127464 ----a-w- c:\windows\system32\nvopencl.dll
    2012-10-11 02:14:16 15309160 ----a-w- c:\windows\system32\nvd3dum.dll
    2012-10-09 17:40:31 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
    2012-10-09 17:40:31 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
    2012-10-04 16:47:18 169984 ----a-w- c:\windows\system32\winsrv.dll
    2012-10-04 16:43:05 293376 ----a-w- c:\windows\system32\KernelBase.dll
    2012-10-04 14:57:58 271360 ----a-w- c:\windows\system32\conhost.exe
    2012-10-04 14:41:50 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2012-10-04 14:41:50 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-10-04 14:41:50 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2012-10-04 14:41:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2012-10-03 16:58:30 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-10-03 16:42:26 52224 ----a-w- c:\windows\system32\nlaapi.dll
    2012-10-03 16:42:26 242176 ----a-w- c:\windows\system32\nlasvc.dll
    2012-10-03 16:42:24 18944 ----a-w- c:\windows\system32\netevent.dll
    2012-10-03 16:42:24 175104 ----a-w- c:\windows\system32\netcorehc.dll
    2012-10-03 16:42:23 156672 ----a-w- c:\windows\system32\ncsi.dll
    2012-10-03 16:40:35 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
    2012-10-03 15:21:38 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
    2012-10-02 19:29:42 645992 ----a-w- c:\windows\system32\nvvsvc.exe
    2012-10-02 19:29:41 62312 ----a-w- c:\windows\system32\nvshext.dll
    2012-10-02 19:29:41 2557288 ----a-w- c:\windows\system32\nvsvcr.dll
    2012-10-02 19:29:41 108392 ----a-w- c:\windows\system32\nvmctray.dll
    2012-10-02 19:29:22 2853224 ----a-w- c:\windows\system32\nvsvc.dll
    2012-10-02 19:28:53 3965288 ----a-w- c:\windows\system32\nvcpl.dll
    2012-10-02 18:15:52 430952 ----a-w- c:\windows\system32\nvStreaming.exe
    2012-09-25 22:47:43 78336 ----a-w- c:\windows\system32\synceng.dll
    2012-09-25 03:16:36 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    .
    ============= FINISH: 12:26:14.71 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume2
    Install Date: 4/3/2012 7:12:01 AM
    System Uptime: 12/21/2012 3:09:06 AM (33 hours ago)
    .
    Motherboard: BIOSTAR Group | | T5XE CFX-SLI
    Processor: Intel(R) Core(TM) i5 CPU 750 @ 2.67GHz | CPU 1 | 2507/133mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 932 GiB total, 872.072 GiB free.
    D: is FIXED (NTFS) - 60 GiB total, 59.537 GiB free.
    E: is CDROM ()
    F: is FIXED (NTFS) - 2329 GiB total, 355.177 GiB free.
    G: is FIXED (NTFS) - 186 GiB total, 68.304 GiB free.
    H: is Removable
    I: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP177: 12/13/2012 4:56:27 AM - Windows Update
    RP178: 12/16/2012 7:00:17 PM - Windows Backup
    RP179: 12/21/2012 3:00:12 AM - Windows Update
    RP181: 12/21/2012 2:56:46 PM - Revo Uninstaller Pro's restore point - OnDemand5
    RP183: 12/21/2012 3:22:42 PM - Installed OnDemand5
    RP184: 12/21/2012 3:41:26 PM - Installed ALLDATA Repair
    .
    ==== Installed Programs ======================
    .
    µTorrent
    Acronis*True*Image*Home 2011
    Adobe Acrobat X Pro - English, Français, Deutsch
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.4)
    Adobe Shockwave Player 11.6
    Adobe SVG Viewer 3.0
    Adobe Widget Browser
    Angry Birds HD for PC Premium Collection of 2012 Full
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft Print Creations
    ArcSoft Print Creations - Album Page
    ArcSoft Print Creations - Funhouse
    ArcSoft Print Creations - Greeting Card
    ArcSoft Print Creations - Photo Book
    ArcSoft Print Creations - Photo Calendar
    ArcSoft Print Creations - Scrapbook
    ArcSoft Print Creations - Slimline Card
    Ashampoo Burning Studio 9.20
    AT&T Portal
    AT&T Troubleshoot & Resolve Tool
    Avery Wizard 4.0
    BitPim 1.0.7
    Bonjour
    Brother MFL-Pro Suite MFC-J615W
    CCleaner
    CCScore
    Compatibility Pack for the 2007 Office system
    Corvette Screensaver C1-C6
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    DSDownloader 2.2.2.6
    ESSBrwr
    ESSCDBK
    ESScore
    ESSgui
    ESSini
    ESSPCD
    ESSPDock
    ESSTOOLS
    essvatgt
    FNC 11 Installer
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    GoToMeeting 5.1.0.880
    iCare Data Recovery Professional 4.6.4
    Internet Download Manager
    Internet Explorer (Enable DEP)
    iTunes
    Java 7 Update 9
    Java Auto Updater
    JavaFX 2.1.1
    Kodak EasyShare software
    LG USB Modem driver
    LightScribe System Software
    LightScribe Template Labeler
    Mac Blu-ray Player
    McAfee SecurityCenter
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft DirectX SDK (June 2010)
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Silverlight
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Microsoft_VC90_MFCLOC_x86
    MiniTool Partition Wizard Home Edition 7.5
    Monster Resume Easy Submit
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    netbrdg
    NVIDIA 3D Vision Driver 306.97
    NVIDIA Control Panel 306.97
    NVIDIA Graphics Driver 306.97
    NVIDIA Install Application
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Update 1.10.8
    NVIDIA Update Components
    OfotoXMI
    OnDemand5
    Pandora Service
    PaperPort Image Printer
    Plus Pack for Acronis True Image Home 2011
    PxMergeModule
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    RealUpgrade 1.1
    Revo Uninstaller Pro 2.5.8
    ScanSoft PaperPort 11
    SCT Device Updater
    SCTDriversV1011x86
    Secunia PSI (3.0.0.0006)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft Visio 2010 (KB2687508) 32-Bit Edition
    Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
    Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
    SFR
    Shared C Run-time for x86
    SHASTA
    ShopAtHome.com Helper
    ShopAtHome.com Toolbar
    skin0001
    SKINXSDK
    SkyTrx 2006
    staticcr
    swMSM
    The Cleaner 2012
    The KMPlayer (remove only)
    Trinity USB Drivers 1.1.1.1
    UltraISO Premium V9.33
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
    VCM Suite (Beta)
    VPRINTOL
    What's my computer doing 1.xx
    Windows Driver Package - DIABLO (usbser) Ports (01/30/2009 1.1.1.1)
    Windows Driver Package - Innovate Motorsports Innovate USB Driver (10/12/2009 1.4.1.0)
    WinRAR 4.11 (32-bit)
    WinX DVD Ripper Platinum 6.0.0
    WIRELESS
    Xilisoft Blu Ray Ripper
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/21/2012 3:32:44 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
    12/20/2012 6:38:24 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user TommyD-PC\Tommy D SID (S-1-5-21-3609685801-731876030-2350830923-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    12/20/2012 2:32:41 PM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    12/19/2012 4:50:34 AM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
    12/19/2012 4:50:34 AM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
    12/17/2012 8:05:38 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR3.
    12/16/2012 8:46:30 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {0C0A3666-30C9-11D0-8F20-00805F2CD064} and APPID {9209B1A6-964A-11D0-9372-00A0C9034910} to the user TommyD-PC\Tommy D SID (S-1-5-21-3609685801-731876030-2350830923-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    .
    ==== End Of File ===========================

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-12-22 12:58:54
    Windows 6.1.7601 Service Pack 1 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP5T0L0-6 WDC_WD1001FALS-00E8B0 rev.05.00K05
    Running: dyvpwpp0.exe; Driver: C:\Users\TOMMYD~1\AppData\Local\Temp\fwriipoc.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateKey [0x8301BFE2]
    SSDT \SystemRoot\system32\ntkrnlpa.exe[unknown section] [8301BFE2] ZwCreateKey [0x8301BFE2]
    SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenKey [0x8301BFE7]
    SSDT \SystemRoot\system32\ntkrnlpa.exe[unknown section] [8301BFE7] ZwOpenKey [0x8301BFE7]

    INT 0x03 \SystemRoot\system32\ntkrnlpa.exe[unknown section] 8301BFF6

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 83058A49 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 830924D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    .text ntkrnlpa.exe!KeRemoveQueueEx + 11BF 830995F4 3 Bytes [E2, BF, 01]
    .text ntkrnlpa.exe!KeRemoveQueueEx + 137F 830997B4 3 Bytes [E7, BF, 01]
    .text C:\Windows\system32\drivers\aksfridge.sys section is writeable [0x9E55F000, 0x47E35, 0xE0000020]
    .init C:\Windows\system32\drivers\aksfridge.sys entry point in ".init" section [0x9E5B3224]
    .init C:\Windows\system32\drivers\aksfridge.sys unknown last code section [0x9E5B3000, 0x4000, 0xE20000E0]
    .text C:\Windows\system32\drivers\hardlock.sys section is writeable [0x9E200400, 0x6E6E2, 0xE8000020]
    .protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0x9E28A820] C:\Windows\system32\drivers\hardlock.sys entry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0x9E28A820]
    .protectÿÿÿÿhardlockunknown last code section [0x9E28A600, 0x512A, 0xE0000020] C:\Windows\system32\drivers\hardlock.sys unknown last code section [0x9E28A600, 0x512A, 0xE0000020]
    ? C:\Users\TOMMYD~1\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[2080] kernel32.dll!LoadLibraryA 77A9DC65 5 Bytes JMP 6DE98360 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
    .text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[2080] kernel32.dll!LoadLibraryW 77A9EF42 5 Bytes JMP 6DE98460 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
    .text c:\program files\real\realplayer\update\realsched.exe[16776] kernel32.dll!SetUnhandledExceptionFilter 77A9F4FB 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs tdrpm273.sys (Acronis Try&Decide Volume Filter Driver/Acronis)

    Device \Driver\ACPI_HAL \Device\00000052 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 tdrpm273.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 tdrpm273.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 tdrpm273.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 tdrpm273.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 tdrpm273.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

    Device \Driver\Disk \Device\Harddisk0\DR0 aksfridge.sys
    Device \Driver\Disk \Device\Harddisk1\DR1 aksfridge.sys
    Device \Driver\Disk \Device\Harddisk2\DR2 aksfridge.sys
    Device \Driver\Disk \Device\Harddisk3\DR3 aksfridge.sys
    Device \Driver\Disk \Device\Harddisk4\DR4 aksfridge.sys

    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\fastfat \Fat tdrpm273.sys (Acronis Try&Decide Volume Filter Driver/Acronis)

    ---- EOF - GMER 1.0.15 ----
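
The DDS "Created Last 30" / "Find3M" listings above, and the ComboFix listings later in this thread, are read by eye for executables sitting where a limited user can write (AppData\Roaming, Temp, Users\Public, the profile root). The Python below is an added example for this thread, not a tool from the original post or from DDS, GMER or ComboFix: it parses both line formats and scores each row with those path heuristics. The weights, the "suspicious" threshold of 3 and the directory list are assumptions of this example. The sample input is constructed: the first five rows are copied from the logs in this thread, the last two reuse paths from the ComboFix "Other Deletions" list with made-up timestamps, sizes and attributes.

```python
"""Score DDS / ComboFix file-listing rows with path heuristics.

Added example for this thread, not a tool used in the original posts.
Weights, threshold and directory list are assumptions of this example.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# DDS form:      2012-12-21 08:00:44 34304 ----a-w- c:\windows\system32\atmlib.dll
# ComboFix form: 2012-12-21 08:00 . 2012-12-16 14:13 295424 ----a-w- c:\windows\system32\atmfd.dll
LINE_RE = re.compile(
    r"^\s*(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?::\d{2})?)"
    r"(?:\s+\.\s+(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}))?"
    r"\s+(?P<size>-{8}|\d+)\s+(?P<attrs>[a-z-]{8})\s+(?P<path>\S.*?)\s*$",
    re.IGNORECASE,
)

EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl", ".ocx", ".com")

# Directories a limited user (and therefore malware running as that user) can write to.
USER_WRITABLE = (
    "\\appdata\\roaming\\",
    "\\appdata\\local\\temp\\",
    "\\users\\public\\",
    "\\programdata\\",
    "\\windows\\temp\\",
)
# c:\users\<name>\<file> with no further subdirectory.
PROFILE_ROOT_RE = re.compile(r"^[a-z]:\\users\\[^\\]+\\[^\\]+$")


@dataclass
class Entry:
    created: str
    modified: Optional[str]      # only present in the ComboFix form
    size: Optional[int]          # None for directory rows ("--------")
    attrs: str                   # e.g. "----a-w-", "d-----w-", "---ha-w-"
    path: str
    reasons: List[Tuple[str, int]] = field(default_factory=list)

    @property
    def score(self) -> int:
        return sum(weight for _, weight in self.reasons)

    @property
    def suspicious(self) -> bool:
        return self.score >= 3   # assumed threshold


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a listing row, or None for headers and filler."""
    m = LINE_RE.match(line)
    if not m:
        return None
    size = None if m.group("size").startswith("-") else int(m.group("size"))
    return Entry(m.group("created"), m.group("modified"), size,
                 m.group("attrs").lower(), m.group("path"))


def score_entry(e: Entry) -> Entry:
    """Attach (reason, weight) pairs to the entry and return it."""
    p = e.path.lower()
    is_exec = p.endswith(EXEC_EXT)
    if is_exec and any(loc in p for loc in USER_WRITABLE):
        e.reasons.append(("executable in user-writable directory", 3))
    if is_exec and PROFILE_ROOT_RE.match(p):
        e.reasons.append(("executable dropped in profile root", 3))
    if "h" in e.attrs:
        # Weak signal on its own: Windows ships hidden API-set stub DLLs.
        e.reasons.append(("hidden attribute set", 1))
    return e


def triage(text: str) -> List[Entry]:
    """Parse and score every listing row in a DDS or ComboFix log excerpt."""
    return [score_entry(e) for e in map(parse_line, text.splitlines()) if e]


def suspicious_paths(text: str) -> List[str]:
    return [e.path for e in triage(text) if e.suspicious]


# Constructed sample: rows 1-5 copied from the logs in this thread; the last two
# reuse paths from the ComboFix "Other Deletions" list with made-up metadata.
SAMPLE_LOG = r"""
2012-12-21 08:00:44 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-20 19:29:47 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2012-12-20 19:29:50 -------- d-----w- c:\users\tommy d\appdata\local\VS Revo Group
2012-10-04 14:41:50 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-12-21 08:00 . 2012-12-16 14:13 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-18 03:14:07 131072 ----a-w- c:\users\Tommy D\AppData\Roaming\Irciy\qoqe.exe
2012-12-18 03:14:09 98304 ----a-w- c:\users\Tommy D\g2mdlhlpx.exe
==================== Find3M ====================
"""

if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        flag = "SUSPICIOUS" if entry.suspicious else "ok"
        why = "; ".join(r for r, _ in entry.reasons)
        print(f"{flag:10} {entry.score} {entry.path} {why}")
```

Running it on the sample flags only the two rows under the user profile; the hidden API-set stub under system32 scores 1 and stays "ok", which is the point of keeping the hidden attribute as a weak signal rather than a verdict. Paste a real "Created Last 30" or ComboFix "Files Created" section into SAMPLE_LOG to triage it the same way.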
     
  2. mrhead

    mrhead Thread Starter

    Joined:
    Apr 1, 2007
    Messages:
    8
    96 views & no replies? Please take a look. Thanks....
     
  3. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from the following link :-

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    • Ensure that Combofix is saved directly to the Desktop <--- Very important
    • Disable all security programs, as they will have a negative effect on Combofix; instructions are available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed; if you need more help please ask.
    • Close any open browsers and any other programs you might have running
    • Double click the ComboFix icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
    • Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.
    • If you are using Windows XP, it might display a pop-up saying "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed, Combofix will then offer to scan for malware. Select continue or yes.
    • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autoruns is recommended.

    *EXTRA NOTES*
    • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
    • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal
    • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted)

    Post the log in next reply please...

    Kevin
     
  4. mrhead

    mrhead Thread Starter

    Joined:
    Apr 1, 2007
    Messages:
    8
    ComboFix 12-12-28.02 - Tommy D 12/28/2012 13:30:20.4.4 - x86
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3063.1771 [GMT -5:00]
    Running from: c:\users\Tommy D\Desktop\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
    FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Public\sdelevURL.tmp
    c:\users\Tommy D\AppData\Local\assembly\tmp
    c:\users\Tommy D\AppData\Roaming\Irciy\qoqe.exe
    c:\users\Tommy D\g2mdlhlpx.exe
    c:\windows\7Loader.TAG
    c:\windows\system32\logs
    c:\windows\system32\SET2B37.tmp
    c:\windows\system32\SET2C24.tmp
    F:\Autorun.inf
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-11-28 to 2012-12-28 )))))))))))))))))))))))))))))))
    .
    .
    2012-12-21 08:00 . 2012-12-16 14:13 295424 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-21 08:00 . 2012-12-16 14:13 34304 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-20 19:29 . 2012-12-20 19:29 -------- d-----w- c:\users\Tommy D\AppData\Local\VS Revo Group
    2012-12-20 19:29 . 2009-12-30 16:21 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
    2012-12-20 19:29 . 2012-12-20 19:29 -------- d-----w- c:\program files\VS Revo Group
    2012-12-19 12:09 . 2012-11-22 00:43 100216 ----a-w- c:\windows\system32\drivers\idmwfp.sys
    2012-12-14 16:13 . 2012-12-14 16:17 -------- d-----w- c:\program files\AOL Toolbar
    2012-12-12 14:48 . 2012-10-04 16:47 169984 ----a-w- c:\windows\system32\winsrv.dll
    2012-12-12 14:47 . 2012-11-22 02:56 2345984 ----a-w- c:\windows\system32\win32k.sys
    2012-12-12 14:47 . 2012-11-02 05:11 376832 ----a-w- c:\windows\system32\dpnet.dll
    2012-11-30 22:28 . 2012-11-30 22:28 -------- d-----w- c:\users\Tommy D\AppData\Roaming\ShopAtHome
    2012-11-29 04:29 . 2012-04-20 21:40 146872 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-12-12 12:37 . 2012-04-03 13:24 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-12-12 12:37 . 2012-04-03 13:24 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-11-09 11:56 . 2012-04-03 11:46 60480 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2012-11-09 11:53 . 2012-04-03 11:46 210136 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
    2012-11-09 11:53 . 2012-04-03 11:39 167344 ----a-w- c:\windows\system32\mfevtps.exe
    2012-11-09 11:52 . 2012-04-03 11:46 9648 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2012-11-09 11:52 . 2012-04-03 11:46 92192 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2012-11-09 11:51 . 2011-10-15 16:16 565352 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2012-11-09 11:50 . 2012-04-03 11:46 362640 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2012-11-09 11:50 . 2012-04-03 11:46 65488 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2012-11-09 11:49 . 2012-04-03 11:46 234824 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2012-11-09 11:49 . 2011-10-15 16:16 132912 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2012-10-31 20:10 . 2012-10-31 20:10 773968 ----a-w- c:\windows\system32\msvcr100.dll
    2012-10-31 20:10 . 2012-10-31 20:10 138056 ----a-w- c:\windows\system32\atl100.dll
    2012-10-16 07:39 . 2012-11-27 20:56 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
    2012-10-11 02:15 . 2012-10-11 02:15 1867112 ----a-w- c:\windows\system32\nvcuvenc.dll
    2012-10-11 02:15 . 2012-10-11 02:15 2574696 ----a-w- c:\windows\system32\nvcuvid.dll
    2012-10-11 02:14 . 2012-10-11 02:14 888168 ----a-w- c:\windows\system32\nvdispgenco32.dll
    2012-10-11 02:14 . 2009-07-13 22:09 12501352 ----a-w- c:\windows\system32\nvwgf2um.dll
    2012-10-11 02:14 . 2012-10-11 02:14 17559912 ----a-w- c:\windows\system32\nvcompiler.dll
    2012-10-11 02:14 . 2012-10-11 02:14 2428776 ----a-w- c:\windows\system32\nvapi.dll
    2012-10-11 02:14 . 2012-10-11 02:14 7697768 ----a-w- c:\windows\system32\nvcuda.dll
    2012-10-11 02:14 . 2012-10-11 02:14 10837352 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2012-10-11 02:14 . 2012-10-11 02:14 19906920 ----a-w- c:\windows\system32\nvoglv32.dll
    2012-10-11 02:14 . 2012-02-10 02:43 1009512 ----a-w- c:\windows\system32\nvdispco32.dll
    2012-10-11 02:14 . 2012-10-11 02:14 6127464 ----a-w- c:\windows\system32\nvopencl.dll
    2012-10-11 02:14 . 2012-10-11 02:14 15309160 ----a-w- c:\windows\system32\nvd3dum.dll
    2012-10-09 17:40 . 2012-11-15 07:31 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
    2012-10-09 17:40 . 2012-11-15 07:31 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
    2012-10-03 16:58 . 2012-11-15 07:31 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-10-03 16:42 . 2012-11-15 07:31 242176 ----a-w- c:\windows\system32\nlasvc.dll
    2012-10-03 16:42 . 2012-11-15 07:31 52224 ----a-w- c:\windows\system32\nlaapi.dll
    2012-10-03 16:42 . 2012-11-15 07:31 175104 ----a-w- c:\windows\system32\netcorehc.dll
    2012-10-03 16:42 . 2012-11-15 07:31 18944 ----a-w- c:\windows\system32\netevent.dll
    2012-10-03 16:42 . 2012-11-15 07:31 156672 ----a-w- c:\windows\system32\ncsi.dll
    2012-10-03 16:40 . 2012-11-15 07:31 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
    2012-10-03 15:21 . 2012-11-15 07:31 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
    2012-10-02 19:29 . 2012-11-18 08:02 645992 ----a-w- c:\windows\system32\nvvsvc.exe
    2012-10-02 19:29 . 2012-11-18 08:02 62312 ----a-w- c:\windows\system32\nvshext.dll
    2012-10-02 19:29 . 2012-11-18 08:02 2557288 ----a-w- c:\windows\system32\nvsvcr.dll
    2012-10-02 19:29 . 2012-11-18 08:02 108392 ----a-w- c:\windows\system32\nvmctray.dll
    2012-10-02 19:29 . 2012-11-18 08:02 2853224 ----a-w- c:\windows\system32\nvsvc.dll
    2012-10-02 19:28 . 2012-11-18 08:02 3965288 ----a-w- c:\windows\system32\nvcpl.dll
    2012-10-02 18:15 . 2012-10-02 18:15 430952 ----a-w- c:\windows\system32\nvStreaming.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66516A07-F617-488A-90CF-4E690CFB3C5F}]
    2012-10-18 16:10 2572728 ----a-w- c:\users\Tommy D\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{311B58DC-A4DC-4B04-B1B5-60299AD3D803}"= "c:\users\Tommy D\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll" [2012-10-18 2572728]
    .
    [HKEY_CLASSES_ROOT\clsid\{311b58dc-a4dc-4b04-b1b5-60299ad3d803}]
    [HKEY_CLASSES_ROOT\ShopAtHome.ShopAtHome.3]
    [HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
    [HKEY_CLASSES_ROOT\ShopAtHome.ShopAtHome]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{311B58DC-A4DC-4B04-B1B5-60299AD3D803}"= "c:\users\Tommy D\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll" [2012-10-18 2572728]
    .
    [HKEY_CLASSES_ROOT\clsid\{311b58dc-a4dc-4b04-b1b5-60299ad3d803}]
    [HKEY_CLASSES_ROOT\ShopAtHome.ShopAtHome.3]
    [HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
    [HKEY_CLASSES_ROOT\ShopAtHome.ShopAtHome]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
    @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
    [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
    2012-11-15 23:07 21904 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2012-12-12 3541008]
    "tcactive"="c:\program files\The Cleaner\tcap.exe" [2012-08-05 4769384]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1278648]
    "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-10 29984]
    "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-10 46368]
    "PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
    "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
    "BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-02-09 2621440]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
    "TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-09-23 5550984]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
    "ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2010-07-27 1573888]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2012-08-16 296096]
    "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-05 36760]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-05 2904984]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]
    "ShopAtHomeWatcher"="c:\users\Tommy D\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe" [2012-10-18 103864]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    What's my computer doing.lnk - c:\program files\What's my computer doing\WhatsMyComputerDoing.exe [2012-9-6 274168]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    "EnableLinkedConnections"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
    2011-09-23 00:30 394832 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
    2012-07-02 19:46 2736128 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SAOB Monitor]
    2011-09-22 20:00 2536760 ----a-w- c:\program files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
    2006-10-25 13:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
    .
    R2 McciServiceHost;McciServiceHost;c:\program files\Common Files\Motive\McciServiceHost.exe [x]
    R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [x]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
    R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
    R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x]
    R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
    R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
    R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [x]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [x]
    R3 ubloxusb;ubloxusb;c:\windows\system32\DRIVERS\ubloxusb.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 PanService;PandoraService;c:\program files\PANDORA.TV\PanService\PandoraService.exe [x]
    S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
    S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [x]
    S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [x]
    S2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run [x]
    S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [x]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]
    S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]
    S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
    S2 pcCMService;pcCMService;c:\program files\Common Files\Motive\pcCMService.exe [x]
    S2 pcServiceHost;pcServiceHost;c:\program files\Common Files\Motive\pcServiceHost.exe [x]
    S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [x]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
    S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
    S3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [x]
    S3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [x]
    S3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [x]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
    S3 SCTDriverV1011;SCTDriverV1011;c:\windows\system32\drivers\SCTDriverV1011.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    *Deregistered* - mfeavfk01
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2012-07-02 19:40 453736 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-12-28 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 12:37]
    .
    2012-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-04-04 10:25]
    .
    2012-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-04-04 10:25]
    .
    2012-12-27 c:\windows\Tasks\ReclaimerUpdateFiles_Tommy D.job
    - c:\users\Tommy D\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-21 23:24]
    .
    2012-12-28 c:\windows\Tasks\ReclaimerUpdateXML_Tommy D.job
    - c:\users\Tommy D\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-21 23:24]
    .
    2012-12-28 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Tommy D.job
    - c:\users\Tommy D\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-21 23:24]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://att.yahoo.com/
    uInternet Settings,ProxyOverride = *.local
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
    IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
    Trusted Zone: $talisma_url$
    TCP: DhcpNameServer = 192.168.1.254
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
    HKCU-Run-{6FAFC93D-808D-9A63-41E3-34FE375B2526} - c:\users\Tommy D\AppData\Roaming\Irciy\qoqe.exe
    MSConfigStartUp-AnyDVD - c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3609685801-731876030-2350830923-1001_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
    @Denied: (Full) (Everyone)
    "scansk"=hex(0):73,4b,fb,ac,c3,02,13,a2,a8,7d,86,bc,d9,57,82,61,33,e0,89,60,1f,
    da,75,d8,fe,00,79,0a,2a,18,e0,0b,c6,1c,4e,4c,b8,56,f0,72,00,00,00,00,00,00,\
    .
    [HKEY_USERS\S-1-5-21-3609685801-731876030-2350830923-1001_Classes\CLSID\{f5181c58-41af-4b42-bc27-c653326313e2}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "Model"=dword:000000e5
    "Therad"=dword:00000021
    "MData"=hex(0):93,1e,cb,fa,6f,65,9c,3b,a5,db,13,73,e0,a0,de,de,a7,89,52,79,16,
    c8,60,29,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-12-28 13:39:04
    ComboFix-quarantined-files.txt 2012-12-28 18:39
    .
    Pre-Run: 936,769,835,008 bytes free
    Post-Run: 937,793,421,312 bytes free
    .
    - - End Of File - - 6ADDF9E841C64B0DFE872CE31B189194
     
  5. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Continue as follows:

    1. Close any open browsers.

    2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the Codebox below into it:

    Code:
    File::
    c:\users\Tommy D\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll
    ClearJavaCache::
    
    Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe


    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

    Next,

    Run Eset Online Scanner

    **Note** You will need to use Internet Explorer for this scan. On Vista and Win 7, right-click the IE shortcut and run as admin.

    Go to the ESET web page http://www.eset.com/home/products/online-scanner/ to run an online scanner from ESET.

    • Turn off the real-time scanner of any existing antivirus program while performing the online scan
    • Click on the Run ESET Online Scanner button
    • Tick the box next to YES, I accept the Terms of Use.
      Click Start
    • When asked, allow the add-on to be installed
      Click Start
    • Make sure that the option Remove found threats is unticked
    • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
      Click Scan
    • Wait for the virus definitions to be downloaded
    • Wait for the scan to finish

    When the scan is complete:

    If no threats were found
    • Put a checkmark in "Uninstall application on close"
    • Close the program
    • Report to me that nothing was found

    If threats were found
    • Click on "list of threats found"
    • Click on "export to text file", save it as ESET SCAN and save it to the desktop
    • Click on back
    • Put a checkmark in "Uninstall application on close"
    • Click on finish
    • Close the program
    • Copy and paste the report here

    Next,

    Download http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner by Xplode onto your Desktop.

    • Please close all open programs and internet browsers.
    • Double click on Adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with OK.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

    Post those 3 logs and give an update on any remaining issues or concerns...

    Kevin
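    A worked triage pass over the ComboFix sections Kevin is reading here (the Run keys, the UAC policy block and the ORPHANS REMOVED list), added as an example; it is not code from ComboFix, from Tech Support Guy or from anyone in this thread. It parses a log excerpt and ranks the lines a reviewer would check first. The two path heuristics (anything under the user profile is writable without elevation; a short all-letter folder holding a short all-letter .exe directly under AppData\Roaming is unusual for a vendor product) and the Windows 7 UAC defaults are assumptions, and a flag is a prompt to look closer, not a verdict on the file. The sample excerpt is constructed from lines copied out of the log posted above.

```python
"""Triage helper for a ComboFix log excerpt.  Added example, not code from ComboFix,
Tech Support Guy or this thread.  Parses the Run keys, the UAC policy block and the
"ORPHANS REMOVED" list and ranks what a reviewer should check first.  Every path
heuristic below is an assumption; a flag means "look closer", not "malicious"."""
import re
from dataclasses import dataclass
from typing import List

# Run value as ComboFix prints it:  "Name"="c:\path\prog.exe" [YYYY-MM-DD size]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[\d{4}-\d{2}-\d{2} \d+\]$')
# Orphan line:  HKCU-Run-<name> - <path>   (ComboFix removed the value, not the file)
ORPHAN_RE = re.compile(r'^(?P<kind>HK(?:CU|LM)-Run|BHO|Toolbar|WebBrowser|URLSearchHooks|'
                       r'MSConfigStartUp)-(?P<name>\S+) - (?P<path>.+)$')
# UAC policy value:  "PolicyName"= 5 (0x5)
POLICY_RE = re.compile(r'^"(?P<name>\w+)"=\s*(?P<val>\d+)\s*\(0x[0-9a-f]+\)$', re.I)

# Assumption: the user profile is writable without elevation, so an autorun there
# can be planted by anything already running as the logged-on user.
USER_WRITABLE_RE = re.compile(r'^c:\\users\\[^\\]+\\appdata\\(roaming|local)\\', re.I)
# Assumption: a short all-letter folder holding a short all-letter .exe directly
# under AppData\Roaming is unusual for a vendor product and deserves a look.
RANDOM_NAME_RE = re.compile(r'\\appdata\\roaming\\[a-z]{3,8}\\[a-z]{3,8}\.exe$', re.I)
# Windows 7 defaults for the UAC values ComboFix prints (assumption: stock install).
UAC_DEFAULTS = {"ConsentPromptBehaviorAdmin": 5, "ConsentPromptBehaviorUser": 3,
                "PromptOnSecureDesktop": 1, "EnableLUA": 1}

@dataclass
class Finding:
    severity: str  # "high", "medium" or "info"
    where: str     # registry key, "uac" or "orphan:<kind>"
    detail: str

def rate_path(path: str) -> str:
    """Severity for an autorun target, from the two path heuristics above."""
    if RANDOM_NAME_RE.search(path):
        return "high"
    if USER_WRITABLE_RE.match(path):
        return "medium"
    return "info"

def triage(text: str) -> List[Finding]:
    findings: List[Finding] = []
    section, in_orphans = "", False          # which ComboFix block we are inside
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix pads sections with "." lines
            continue
        if line.startswith("[HKEY_"):
            section, in_orphans = line.strip("[]"), False
            continue
        if "ORPHANS REMOVED" in line:
            section, in_orphans = "orphans", True
            continue
        if "LOCKED REGISTRY KEYS" in line:
            section, in_orphans = "locked", False
            continue
        key = section.lower()
        m = RUN_RE.match(line)
        if m and key.endswith("\\run"):
            sev = rate_path(m["path"])
            if sev != "info":
                findings.append(Finding(sev, section, f"{m['name']} -> {m['path']}"))
            continue
        m = POLICY_RE.match(line)
        if m and key.endswith("policies\\system") and m["name"] in UAC_DEFAULTS:
            val, default = int(m["val"]), UAC_DEFAULTS[m["name"]]
            if val != default:
                findings.append(Finding("medium", "uac", f"{m['name']}={val} (default {default})"))
            continue
        m = ORPHAN_RE.match(line) if in_orphans else None
        if m:   # value already gone; the file it pointed at still needs checking
            sev = "info" if m["path"] == "(no file)" else rate_path(m["path"])
            findings.append(Finding(sev, "orphan:" + m["kind"], f"{m['name']} -> {m['path']}"))
    return findings

# Constructed excerpt: lines copied from the ComboFix log posted in this thread.
SAMPLE = r"""[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2012-12-12 3541008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShopAtHomeWatcher"="c:\users\Tommy D\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe" [2012-10-18 103864]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"PromptOnSecureDesktop"= 0 (0x0)
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
HKCU-Run-{6FAFC93D-808D-9A63-41E3-34FE375B2526} - c:\users\Tommy D\AppData\Roaming\Irciy\qoqe.exe
MSConfigStartUp-AnyDVD - c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe
--------------------- LOCKED REGISTRY KEYS ---------------------
"""

if __name__ == "__main__":
    for f in sorted(triage(SAMPLE), key=lambda f: ["high", "medium", "info"].index(f.severity)):
        print(f"[{f.severity}] {f.where}: {f.detail}")
```

    On the excerpt above the script ranks the removed HKCU Run value under AppData\Roaming\Irciy first, the ShopAtHome autorun and the PromptOnSecureDesktop=0 setting (UAC prompts not shown on the secure desktop) next, and the two orphans that point at nothing or at Program Files last. Orphan entries are worth re-checking on disk even after ComboFix reports them removed, since only the registry value is gone.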
     
  6. mrhead

    mrhead Thread Starter

    Joined:
    Apr 1, 2007
    Messages:
    8
    ComboFix 12-12-28.02 - Tommy D 12/28/2012 16:23:06.5.4 - x86
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3063.2011 [GMT -5:00]
    Running from: c:\users\Tommy D\Desktop\ComboFix.exe
    Command switches used :: c:\users\Tommy D\Desktop\CFScript.txt
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
    FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\users\Tommy D\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Tommy D\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-11-28 to 2012-12-28 )))))))))))))))))))))))))))))))
    .
    .
    2012-12-28 21:29 . 2012-12-28 21:29 -------- d-----w- c:\users\Tommy D\AppData\Local\temp
    2012-12-21 08:00 . 2012-12-16 14:13 295424 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-21 08:00 . 2012-12-16 14:13 34304 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-20 19:29 . 2012-12-20 19:29 -------- d-----w- c:\users\Tommy D\AppData\Local\VS Revo Group
    2012-12-20 19:29 . 2009-12-30 16:21 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
    2012-12-20 19:29 . 2012-12-20 19:29 -------- d-----w- c:\program files\VS Revo Group
    2012-12-19 12:09 . 2012-11-22 00:43 100216 ----a-w- c:\windows\system32\drivers\idmwfp.sys
    2012-12-14 16:13 . 2012-12-14 16:17 -------- d-----w- c:\program files\AOL Toolbar
    2012-12-12 14:48 . 2012-10-04 16:47 169984 ----a-w- c:\windows\system32\winsrv.dll
    2012-12-12 14:47 . 2012-11-22 02:56 2345984 ----a-w- c:\windows\system32\win32k.sys
    2012-12-12 14:47 . 2012-11-02 05:11 376832 ----a-w- c:\windows\system32\dpnet.dll
    2012-11-30 22:28 . 2012-11-30 22:28 -------- d-----w- c:\users\Tommy D\AppData\Roaming\ShopAtHome
    2012-11-29 04:29 . 2012-04-20 21:40 146872 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-12-12 12:37 . 2012-04-03 13:24 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-12-12 12:37 . 2012-04-03 13:24 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-11-09 11:56 . 2012-04-03 11:46 60480 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2012-11-09 11:53 . 2012-04-03 11:46 210136 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
    2012-11-09 11:53 . 2012-04-03 11:39 167344 ----a-w- c:\windows\system32\mfevtps.exe
    2012-11-09 11:52 . 2012-04-03 11:46 9648 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2012-11-09 11:52 . 2012-04-03 11:46 92192 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2012-11-09 11:51 . 2011-10-15 16:16 565352 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2012-11-09 11:50 . 2012-04-03 11:46 362640 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2012-11-09 11:50 . 2012-04-03 11:46 65488 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2012-11-09 11:49 . 2012-04-03 11:46 234824 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2012-11-09 11:49 . 2011-10-15 16:16 132912 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2012-10-31 20:10 . 2012-10-31 20:10 773968 ----a-w- c:\windows\system32\msvcr100.dll
    2012-10-31 20:10 . 2012-10-31 20:10 138056 ----a-w- c:\windows\system32\atl100.dll
    2012-10-16 07:39 . 2012-11-27 20:56 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
    2012-10-11 02:15 . 2012-10-11 02:15 1867112 ----a-w- c:\windows\system32\nvcuvenc.dll
    2012-10-11 02:15 . 2012-10-11 02:15 2574696 ----a-w- c:\windows\system32\nvcuvid.dll
    2012-10-11 02:14 . 2012-10-11 02:14 888168 ----a-w- c:\windows\system32\nvdispgenco32.dll
    2012-10-11 02:14 . 2009-07-13 22:09 12501352 ----a-w- c:\windows\system32\nvwgf2um.dll
    2012-10-11 02:14 . 2012-10-11 02:14 17559912 ----a-w- c:\windows\system32\nvcompiler.dll
    2012-10-11 02:14 . 2012-10-11 02:14 2428776 ----a-w- c:\windows\system32\nvapi.dll
    2012-10-11 02:14 . 2012-10-11 02:14 7697768 ----a-w- c:\windows\system32\nvcuda.dll
    2012-10-11 02:14 . 2012-10-11 02:14 10837352 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2012-10-11 02:14 . 2012-10-11 02:14 19906920 ----a-w- c:\windows\system32\nvoglv32.dll
    2012-10-11 02:14 . 2012-02-10 02:43 1009512 ----a-w- c:\windows\system32\nvdispco32.dll
    2012-10-11 02:14 . 2012-10-11 02:14 6127464 ----a-w- c:\windows\system32\nvopencl.dll
    2012-10-11 02:14 . 2012-10-11 02:14 15309160 ----a-w- c:\windows\system32\nvd3dum.dll
    2012-10-09 17:40 . 2012-11-15 07:31 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
    2012-10-09 17:40 . 2012-11-15 07:31 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
    2012-10-03 16:58 . 2012-11-15 07:31 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-10-03 16:42 . 2012-11-15 07:31 242176 ----a-w- c:\windows\system32\nlasvc.dll
    2012-10-03 16:42 . 2012-11-15 07:31 52224 ----a-w- c:\windows\system32\nlaapi.dll
    2012-10-03 16:42 . 2012-11-15 07:31 175104 ----a-w- c:\windows\system32\netcorehc.dll
    2012-10-03 16:42 . 2012-11-15 07:31 18944 ----a-w- c:\windows\system32\netevent.dll
    2012-10-03 16:42 . 2012-11-15 07:31 156672 ----a-w- c:\windows\system32\ncsi.dll
    2012-10-03 16:40 . 2012-11-15 07:31 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
    2012-10-03 15:21 . 2012-11-15 07:31 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
    2012-10-02 19:29 . 2012-11-18 08:02 645992 ----a-w- c:\windows\system32\nvvsvc.exe
    2012-10-02 19:29 . 2012-11-18 08:02 62312 ----a-w- c:\windows\system32\nvshext.dll
    2012-10-02 19:29 . 2012-11-18 08:02 2557288 ----a-w- c:\windows\system32\nvsvcr.dll
    2012-10-02 19:29 . 2012-11-18 08:02 108392 ----a-w- c:\windows\system32\nvmctray.dll
    2012-10-02 19:29 . 2012-11-18 08:02 2853224 ----a-w- c:\windows\system32\nvsvc.dll
    2012-10-02 19:28 . 2012-11-18 08:02 3965288 ----a-w- c:\windows\system32\nvcpl.dll
    2012-10-02 18:15 . 2012-10-02 18:15 430952 ----a-w- c:\windows\system32\nvStreaming.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
    @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
    [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
    2012-11-15 23:07 21904 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2012-12-12 3541008]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1278648]
    "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-10 29984]
    "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-10 46368]
    "PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
    "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
    "BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-02-09 2621440]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-09-23 5550984]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2012-08-16 296096]
    "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-05 36760]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-05 2904984]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]
    "ShopAtHomeWatcher"="c:\users\Tommy D\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe" [2012-10-18 103864]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    "EnableLinkedConnections"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
    2011-09-23 00:30 394832 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
    2012-07-02 19:46 2736128 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SAOB Monitor]
    2011-09-22 20:00 2536760 ----a-w- c:\program files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
    2006-10-25 13:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
    .
    R2 McciServiceHost;McciServiceHost;c:\program files\Common Files\Motive\McciServiceHost.exe [x]
    R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [x]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
    R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
    R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x]
    R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
    R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
    R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [x]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [x]
    R3 ubloxusb;ubloxusb;c:\windows\system32\DRIVERS\ubloxusb.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
    S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [x]
    S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [x]
    S2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run [x]
    S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [x]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]
    S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]
    S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
    S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [x]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
    S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
    S3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [x]
    S3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [x]
    S3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [x]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
    S3 SCTDriverV1011;SCTDriverV1011;c:\windows\system32\drivers\SCTDriverV1011.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - mfeavfk01
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2012-07-02 19:40 453736 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-12-28 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 12:37]
    .
    2012-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-04-04 10:25]
    .
    2012-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-04-04 10:25]
    .
    2012-12-27 c:\windows\Tasks\ReclaimerUpdateFiles_Tommy D.job
    - c:\users\Tommy D\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-21 23:24]
    .
    2012-12-28 c:\windows\Tasks\ReclaimerUpdateXML_Tommy D.job
    - c:\users\Tommy D\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-21 23:24]
    .
    2012-12-28 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Tommy D.job
    - c:\users\Tommy D\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-21 23:24]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://att.yahoo.com/
    uInternet Settings,ProxyOverride = *.local
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
    IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
    Trusted Zone: $talisma_url$
    TCP: DhcpNameServer = 192.168.1.254
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{66516A07-F617-488A-90CF-4E690CFB3C5F} - c:\users\Tommy D\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll
    Toolbar-{311B58DC-A4DC-4B04-B1B5-60299AD3D803} - c:\users\Tommy D\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll
    WebBrowser-{311B58DC-A4DC-4B04-B1B5-60299AD3D803} - c:\users\Tommy D\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll
    AddRemove-ATT-SST-UversePortal - c:\program files\ATT-SST\Uninstall.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3609685801-731876030-2350830923-1001_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
    @Denied: (Full) (Everyone)
    "scansk"=hex(0):73,4b,fb,ac,c3,02,13,a2,a8,7d,86,bc,d9,57,82,61,33,e0,89,60,1f,
    da,75,d8,fe,00,79,0a,2a,18,e0,0b,c6,1c,4e,4c,b8,56,f0,72,00,00,00,00,00,00,\
    .
    [HKEY_USERS\S-1-5-21-3609685801-731876030-2350830923-1001_Classes\CLSID\{f5181c58-41af-4b42-bc27-c653326313e2}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "Model"=dword:000000e5
    "Therad"=dword:00000021
    "MData"=hex(0):93,1e,cb,fa,6f,65,9c,3b,a5,db,13,73,e0,a0,de,de,a7,89,52,79,16,
    c8,60,29,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-12-28 16:30:20
    ComboFix-quarantined-files.txt 2012-12-28 21:30
    .
    Pre-Run: 951,200,628,736 bytes free
    Post-Run: 950,919,213,056 bytes free
    .
    - - End Of File - - F84FB5B29FB3162A9A2C4D31F4123346

    G:\Automotive_-_ALLDATA_Q111_v_10_40_FULL_INSTALL_PACKAGE.exe Win32/Adware.1ClickDownload application
    G:\RecipeHub.exe Win32/AdInstaller application
    G:\TotalRecipeSearch.exe Win32/AdInstaller application

    # AdwCleaner v2.103 - Logfile created 12/28/2012 at 17:28:56
    # Updated 25/12/2012 by Xplode
    # Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
    # User : Tommy D - TOMMYD-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Tommy D\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Folder Deleted : C:\Program Files\Conduit
    Folder Deleted : C:\ProgramData\Ask
    Folder Deleted : C:\Users\Tommy D\AppData\Local\Conduit
    Folder Deleted : C:\Users\Tommy D\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
    Folder Deleted : C:\Users\Tommy D\AppData\LocalLow\Conduit

    ***** [Registry] *****

    Key Deleted : HKCU\Software\APN PIP
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\PIP
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
    Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
    Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
    Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
    Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
    Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\076A5638850BB660C9206283848DD0A114C03B7F
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
    Key Deleted : HKLM\Software\PIP

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16457

    [OK] Registry is clean.

    -\\ Google Chrome v23.0.1271.97

    File : C:\Users\Tommy D\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [5568 octets] - [28/12/2012 17:28:56]

    ########## EOF - C:\AdwCleaner[S1].txt - [5628 octets] ##########

    So far so good. It's definitely better. You have helped a lot.
    Thanks...
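The AdwCleaner log above is a flat list of "Folder Deleted" / "Key Deleted" lines; when reviewing a cleanup like this one it helps to pull that into a structured form and collect the identifiers (CLSIDs, Chrome extension IDs, vendor names) so they can be searched for on other machines. The following is an added example written for this thread, not part of AdwCleaner; `SAMPLE_LOG` is an excerpt constructed in the same format as the log posted above so that the script runs offline, and the family names in `FAMILY_RE` are simply the vendors that appear in that log.

```python
"""Parse an AdwCleaner [Delete] log into records and summarise what was removed.

Added example for this thread, not part of AdwCleaner. SAMPLE_LOG is an
excerpt constructed in the same format as the log posted above, so the
script runs offline; point parse_adwcleaner() at a real AdwCleaner[S1].txt
to review a full run or to collect the CLSIDs / extension IDs for a search
on other machines.
"""
import re
from collections import Counter

SAMPLE_LOG = r"""
***** [Files / Folders] *****

Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\Users\Tommy D\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.
"""

# "***** [Registry] *****" section headers
SECTION_RE = re.compile(r"^\*{5} \[(?P<name>[^\]]+)\] \*{5}$")
# "Key Deleted : HKLM\..." action lines (Found/Restored appear in scan/restore runs)
ACTION_RE = re.compile(
    r"^(?P<kind>Folder|File|Key|Value) (?P<verb>Deleted|Found|Restored) : (?P<target>.+)$")
GUID_RE = re.compile(r"\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}", re.I)
# Chrome extension IDs are 32 letters from a-p, as a folder or registry key name
CHROME_EXT_RE = re.compile(r"\\Extensions\\([a-p]{32})(?:\\|$)")
# Vendor names seen in the log above (assumption: treated as adware families)
FAMILY_RE = re.compile(r"\b(conduit|ask|softonic|pip|shopathome)\b", re.I)


def parse_adwcleaner(text):
    """Return one dict per action line: section, kind, verb, target."""
    section, records = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        m = ACTION_RE.match(line)
        if m:
            records.append({"section": section, **m.groupdict()})
    return records


def summarize(records):
    """Counts per kind/hive/family plus the reusable identifiers found."""
    return {
        "by_kind": Counter(r["kind"] for r in records),
        "by_hive": Counter(r["target"].split("\\", 1)[0]
                           for r in records if r["kind"] in ("Key", "Value")),
        "families": Counter(f.lower() for r in records
                            for f in FAMILY_RE.findall(r["target"])),
        "guids": sorted({g.upper() for r in records
                         for g in GUID_RE.findall(r["target"])}),
        "chrome_extensions": sorted({e for r in records
                                     for e in CHROME_EXT_RE.findall(r["target"])}),
    }


if __name__ == "__main__":
    for key, value in summarize(parse_adwcleaner(SAMPLE_LOG)).items():
        print(f"{key}: {dict(value) if isinstance(value, Counter) else value}")
```

The summary is deliberately built from the `target` strings only, so the same two functions work on a "Found" (scan-only) log to preview what a Delete run would touch.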
     
  7. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Download OTM from either of the following links and save it to your Desktop:
    http://oldtimer.geekstogo.com/OTM.exe
    http://www.itxassociates.com/OT-Tools/OTM.com
    http://www.itxassociates.com/OT-Tools/OTM.exe
    Double click OTM.exe to start the tool. Vista or Windows 7 users accept the UAC alert. Be aware that all processes will be stopped during the run, and the Desktop will disappear; it will be put back on completion....
    • Copy the text from the code box below to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      Code:
      :Files
      G:\Automotive_-_ALLDATA_Q111_v_10_40_FULL_INSTALL_PACKAGE.exe
      G:\RecipeHub.exe
      G:\TotalRecipeSearch.exe
      :Commands
      [EmptyTemp]
      
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
    • Click the red button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
    • Close OTM.
    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

    If the machine reboots, the Results log can be found here:

    c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

    Where mmddyyyy_hhmmss is the date of the tool run.

    Next,

    Download Security Check by screen317 from either of the following:
    http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe
    Save it to your Desktop.
    Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
    A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    Post those two logs, let me know if there are any remaining issues or concerns...

    Kevin
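The OTM script in the post above has two parts: a `:Files` list of paths to move and a `:Commands` section (`[EmptyTemp]`), with the result logged to `_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log`. Moving rather than deleting is the point of that design: a false positive stays recoverable. The script below is an added example that mirrors that workflow, not OTM's own code; `demo()` builds a throwaway sandbox with constructed dummy files standing in for the `G:` drive so it runs offline, and the `[EmptyTemp]` command is recorded in the log but not executed, since clearing temp folders is left to the real tool.

```python
"""Move listed files into a quarantine folder and write a timestamped log,
mirroring the OTM script used in this thread (":Files" list, ":Commands").

Added example, not OTM's own code. demo() creates a sandbox of constructed
dummy files so the script runs offline; [EmptyTemp] is logged, not executed.
"""
import shutil
import tempfile
from datetime import datetime
from pathlib import Path


def parse_otm_script(text):
    """Split an OTM-style script into its file list and its command list."""
    files, commands, section = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):               # ":Files" / ":Commands" header
            section = line[1:].lower()
            continue
        if section == "files":
            files.append(line)
        elif section == "commands":
            commands.append(line.strip("[]"))  # "[EmptyTemp]" -> "EmptyTemp"
    return files, commands


def quarantine(files, root, commands=(), dry_run=False):
    """Move each existing file under <root>/MovedFiles, keeping its original
    path components (the drive letter becomes a folder), and write
    <root>/MovedFiles/mmddyyyy_hhmmss.log describing what happened."""
    moved_dir = Path(root) / "MovedFiles"
    moved_dir.mkdir(parents=True, exist_ok=True)
    moved, missing, log_lines = [], [], []
    for entry in files:
        src = Path(entry)
        if not src.is_file():
            missing.append(str(src))
            log_lines.append(f"File/Folder {src} not found.")
            continue
        # e.g. G:\RecipeHub.exe -> <root>\MovedFiles\G\RecipeHub.exe
        parts = [p.strip(":\\/") for p in src.parts]
        dst = moved_dir.joinpath(*[p for p in parts if p])
        if not dry_run:
            dst.parent.mkdir(parents=True, exist_ok=True)
            shutil.move(str(src), str(dst))
        moved.append((str(src), str(dst)))
        log_lines.append(f"{src} moved successfully to {dst}")
    for cmd in commands:
        log_lines.append(f"Command [{cmd}] recorded, not executed by this example.")
    log_path = moved_dir / (datetime.now().strftime("%m%d%Y_%H%M%S") + ".log")
    log_path.write_text("\n".join(log_lines) + "\n", encoding="utf-8")
    return {"moved": moved, "missing": missing, "commands": list(commands),
            "log": str(log_path), "dry_run": dry_run}


def demo():
    """Constructed sandbox run: two dummy files exist, one listed file does not."""
    sandbox = Path(tempfile.mkdtemp(prefix="otm_demo_"))
    try:
        drive = sandbox / "G"                  # stands in for the external G: drive
        drive.mkdir()
        for name in ("RecipeHub.exe", "TotalRecipeSearch.exe"):
            (drive / name).write_bytes(b"constructed placeholder, not a real binary")
        script = "\n".join([":Files",
                            str(drive / "RecipeHub.exe"),
                            str(drive / "TotalRecipeSearch.exe"),
                            str(drive / "NotThere.exe"),
                            ":Commands", "[EmptyTemp]"])
        files, commands = parse_otm_script(script)
        result = quarantine(files, sandbox / "_OTMoveIt", commands)
        result["left_on_drive"] = sorted(p.name for p in drive.iterdir())
        result["quarantined_intact"] = all(Path(d).is_file() for _, d in result["moved"])
        result["log_text"] = Path(result["log"]).read_text(encoding="utf-8")
        return result
    finally:
        shutil.rmtree(sandbox, ignore_errors=True)


if __name__ == "__main__":
    print(demo()["log_text"])
```

Pass `dry_run=True` to `quarantine()` to get the same log and return value without touching any file, which is the sensible first run against a list pasted from a forum reply.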
     
  8. mrhead

    mrhead Thread Starter

    Joined:
    Apr 1, 2007
    Messages:
    8
    Kevin,

    McAfee quarantined OTM as a virus, but I'm not concerned about those in my G drive as it is an external drive. Here is the security check log.

    Results of screen317's Security Check version 0.99.56
    Windows 7 Service Pack 1 x86 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    McAfee Anti-Virus and Anti-Spyware
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Secunia PSI (3.0.0.0006)
    JavaFX 2.1.1
    Java 7 Update 9
    Adobe Flash Player 11.5.502.135
    Adobe Reader 10.1.4 Adobe Reader out of Date!
    Google Chrome 21.0.1180.83
    Google Chrome 21.0.1180.89
    Google Chrome 22.0.1229.79
    Google Chrome 22.0.1229.92
    Google Chrome 22.0.1229.94
    Google Chrome 23.0.1271.64
    Google Chrome 23.0.1271.91
    Google Chrome 23.0.1271.95
    Google Chrome 23.0.1271.97
    ````````Process Check: objlist.exe by Laurent````````
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````
     
  9. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    OTM is not a virus; some security applications may see it as such because of how it works. Either accept the alert from McAfee and let OTM run, or turn McAfee off, then run OTM...
     
Short URL to this thread: https://techguy.org/1081991

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice