
System Slow, Won't Burn CDs Now



#1
Blazinice

This all started after I downloaded a zip file, so I'm assuming that some sort of spyware or malware downloaded along with it. My system seems a lot slower than usual, especially when rebooting... occasionally it will get stuck on the Windows screen and won't load. I also can't get a CD to burn now; I just keep getting random error messages no matter which program I use. Everything was fine literally minutes before I downloaded the file. I hope someone can help!

Here's my OTL log:
OTL logfile created on: 5/17/2013 7:01:26 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Shane Livingston\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.80 Gb Total Physical Memory | 3.80 Gb Available Physical Memory | 65.51% Memory free
11.61 Gb Paging File | 8.94 Gb Available in Paging File | 77.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 688.72 Gb Total Space | 576.80 Gb Free Space | 83.75% Space Free | Partition Type: NTFS
Drive I: | 149.01 Gb Total Space | 82.91 Gb Free Space | 55.64% Space Free | Partition Type: FAT32

Computer Name: SHANELIVINGSTON | User Name: Shane Livingston | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/17 19:01:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Shane Livingston\Desktop\OTL.exe
PRC - [2013/05/16 18:24:20 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/05/15 18:49:23 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/02/05 11:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
PRC - [2012/12/18 07:28:10 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/27 16:51:38 | 000,825,560 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2012/04/17 15:05:00 | 000,651,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
PRC - [2012/03/23 14:25:24 | 000,087,040 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/09/06 14:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/18 12:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/08/18 12:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/01 14:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2010/01/27 17:01:56 | 000,237,568 | ---- | M] (Alcor Micro Corp.) -- C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
PRC - [2009/10/15 04:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/06/09 10:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe


========== Modules (No Company Name) ==========

MOD - [2013/05/16 18:24:20 | 003,128,728 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/05/16 03:32:46 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\3c2ed368e1f3889997dfb42a5ca77284\System.Core.ni.dll
MOD - [2013/05/16 03:28:49 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\af525b4bec3b9941b7be8ffbf813da80\PresentationFramework.ni.dll
MOD - [2013/05/16 03:28:38 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
MOD - [2013/05/16 03:28:32 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7eac0dbe9aa20b55e37235f8ee030e6b\PresentationCore.ni.dll
MOD - [2013/05/16 03:28:24 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll
MOD - [2013/05/16 03:28:21 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll
MOD - [2013/05/15 18:49:22 | 016,033,160 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
MOD - [2013/01/12 04:35:38 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll
MOD - [2013/01/12 04:35:26 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll
MOD - [2013/01/12 04:35:05 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/12 04:34:52 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/12 04:34:49 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/12 04:34:43 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012/04/17 15:05:00 | 001,515,520 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\Maps\R66Api.dll
MOD - [2012/04/17 15:05:00 | 000,651,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
MOD - [2012/04/17 15:05:00 | 000,559,244 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.7.dll
MOD - [2012/04/17 15:05:00 | 000,516,599 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll
MOD - [2012/04/17 15:05:00 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetect.dll
MOD - [2012/04/17 15:05:00 | 000,172,032 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll
MOD - [2012/04/17 15:05:00 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll
MOD - [2012/04/17 15:05:00 | 000,103,936 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\OutputLog.dll
MOD - [2012/04/17 15:05:00 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/08/18 12:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2010/11/04 21:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009/10/15 04:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe


========== Services (SafeList) ==========

SRV:64bit: - [2013/02/19 14:56:14 | 000,182,752 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2013/02/19 14:53:32 | 000,218,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2013/02/19 14:51:54 | 000,241,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2012/11/16 22:10:22 | 000,383,608 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\mcafee\virusscan\mcods.exe -- (McODS)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/09 10:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2013/05/16 18:24:20 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/15 18:49:26 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/02/05 11:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2012/12/18 07:28:10 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/03/23 14:25:24 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/08/18 12:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2010/10/11 09:13:41 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/02/19 14:59:06 | 000,070,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2013/02/19 14:56:26 | 000,340,216 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2013/02/19 14:55:14 | 000,106,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2013/02/19 14:54:32 | 000,771,536 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2013/02/19 14:53:42 | 000,515,968 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2013/02/19 14:53:02 | 000,309,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2013/02/19 14:52:44 | 000,179,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2013/02/12 00:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/08/09 15:21:12 | 012,312,896 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/04/20 16:40:58 | 000,196,440 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/08/23 06:12:58 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/06/25 16:08:10 | 000,036,928 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010/02/27 11:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/11/01 19:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/10/24 01:49:46 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/10/16 07:32:24 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009/09/17 16:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 04:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {E868CD84-79A9-4032-BD51-DADCB1A479D4}
IE:64bit: - HKLM\..\SearchScopes\{E868CD84-79A9-4032-BD51-DADCB1A479D4}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0B961DAD-1ABB-4881-B76F-55208FF2CD47}
IE - HKLM\..\SearchScopes\{0B961DAD-1ABB-4881-B76F-55208FF2CD47}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
IE - HKCU\..\SearchScopes,DefaultScope = {0B961DAD-1ABB-4881-B76F-55208FF2CD47}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.facebook.com"
FF - prefs.js..extensions.enabledAddons: 2020Player_WEB%402020Technologies.com:5.0.94.0
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013/01/15 22:08:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/05/16 18:24:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/05/16 18:24:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/05/16 18:24:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/05/16 18:24:15 | 000,000,000 | ---D | M]

[2011/01/11 23:49:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shane Livingston\AppData\Roaming\Mozilla\Extensions
[2013/03/22 16:40:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shane Livingston\AppData\Roaming\Mozilla\Firefox\Profiles\6guzfwxp.default\extensions
[2013/02/24 12:36:15 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Shane Livingston\AppData\Roaming\Mozilla\Firefox\Profiles\6guzfwxp.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/09/30 12:12:34 | 000,000,000 | ---D | M] (20-20 3D Viewer - WEB) -- C:\Users\Shane Livingston\AppData\Roaming\Mozilla\Firefox\Profiles\6guzfwxp.default\extensions\[email protected]
[1633/02/03 11:24:13 | 000,004,816 | ---- | M] () (No name found) -- C:\Users\Shane Livingston\AppData\Roaming\Mozilla\Firefox\Profiles\6guzfwxp.default\extensions\[email protected]
[2013/03/22 16:40:57 | 000,221,336 | ---- | M] () (No name found) -- C:\Users\Shane Livingston\AppData\Roaming\Mozilla\Firefox\Profiles\6guzfwxp.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2013/05/16 18:24:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/05/16 18:24:20 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - Startup: C:\Users\Shane Livingston\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.21.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.180.42.68 208.180.42.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BFD9031-4A48-4628-8D99-2E23AE4549B5}: DhcpNameServer = 208.180.42.68 208.180.42.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B1369409-2597-49BB-97C6-ACB9EEDA61AE}: DhcpNameServer = 192.168.42.129
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/22 15:55:48 | 000,000,000 | ---D | M] - I:\autorun -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/17 19:01:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Shane Livingston\Desktop\OTL.exe
[2013/05/17 18:59:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2013/05/17 18:51:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2013/05/17 18:51:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2013/05/17 18:44:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab
[2013/05/17 18:44:10 | 000,000,000 | ---D | C] -- C:\Users\Shane Livingston\AppData\Roaming\SystemRequirementsLab
[2013/05/17 09:56:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/05/17 09:55:52 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/05/17 09:55:51 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/05/17 09:55:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/05/17 09:55:51 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/05/16 18:24:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/05/06 17:40:37 | 000,000,000 | ---D | C] -- C:\Users\Shane Livingston\AppData\Local\{20115407-5E90-4844-AAF9-4DA09A6FA8AF}
[2013/05/05 19:23:09 | 000,000,000 | ---D | C] -- C:\Users\Shane Livingston\AppData\Roaming\Skype
[2013/05/05 19:22:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013/05/03 15:49:00 | 000,000,000 | ---D | C] -- C:\Users\Shane Livingston\AppData\Local\{4E129763-80A5-4F85-B940-21D285038644}
[2013/05/01 16:49:06 | 000,000,000 | ---D | C] -- C:\Users\Shane Livingston\AppData\Local\{C9B14468-1F2C-49FA-B1A2-E7972D71971F}
[2013/05/01 16:48:43 | 000,000,000 | ---D | C] -- C:\Users\Shane Livingston\AppData\Local\{7413C5CB-A687-4C77-9593-98CCDA002C07}
[2013/04/22 17:35:46 | 000,000,000 | ---D | C] -- C:\Users\Shane Livingston\AppData\Local\{C2CD0BE0-171A-4489-9724-F876B4D032E3}

========== Files - Modified Within 30 Days ==========

[2013/05/17 19:01:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Shane Livingston\Desktop\OTL.exe
[2013/05/17 19:00:55 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/17 19:00:55 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/17 18:57:50 | 000,793,608 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/05/17 18:57:50 | 000,669,516 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/05/17 18:57:50 | 000,125,444 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/05/17 18:54:31 | 000,016,608 | ---- | M] () -- C:\Windows\SysNative\results.xml
[2013/05/17 18:54:19 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/17 18:53:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/17 18:52:54 | 378,888,191 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/17 18:49:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/17 18:30:00 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/17 15:00:57 | 000,002,046 | ---- | M] () -- C:\Users\Shane Livingston\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/05/17 11:14:42 | 000,176,248 | ---- | M] () -- C:\Users\Shane Livingston\Desktop\honey-itunesvideofront.png
[2013/05/17 09:56:25 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/05/17 09:55:33 | 003,716,408 | ---- | M] () -- C:\Users\Shane Livingston\Desktop\Syleena Johnson Ft. Musiq Soulchild - Feel The Fire.mp3
[2013/05/16 03:27:29 | 000,268,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/05/12 10:46:39 | 049,113,400 | ---- | M] () -- C:\Users\Shane Livingston\Desktop\E-LL 1064.zip.part
[2013/05/12 10:43:53 | 000,000,000 | ---- | M] () -- C:\Users\Shane Livingston\Desktop\E-LL 1064.zip
[2013/05/10 22:44:10 | 000,019,984 | ---- | M] () -- C:\Users\Shane Livingston\Desktop\215325_483319451741194_1482518934_n.jpg
[2013/05/09 18:00:18 | 004,391,830 | ---- | M] () -- C:\Users\Shane Livingston\Desktop\The-Dream Ft. Jay-Z - High Art.mp3
[2013/05/06 20:30:39 | 000,074,218 | ---- | M] () -- C:\Users\Shane Livingston\Desktop\kate.jpg
[2013/05/06 07:19:48 | 003,243,362 | ---- | M] () -- C:\Users\Shane Livingston\Desktop\SVQVcZkn3h9u.128.mp3
[2013/05/02 19:32:00 | 103,576,918 | ---- | M] () -- C:\Users\Shane Livingston\Desktop\VA-TGGOST 1053.zip
[2013/05/02 19:31:51 | 092,505,911 | ---- | M] () -- C:\Users\Shane Livingston\Desktop\JS-MY&TM 1051.zip
[2013/04/23 17:25:08 | 109,737,490 | ---- | M] () -- C:\Users\Shane Livingston\Desktop\F-SEOY(DV) 1044.zip
[2013/04/23 17:21:29 | 047,141,925 | ---- | M] () -- C:\Users\Shane Livingston\Desktop\LLCJ-A 1044.zip

========== Files Created - No Company Name ==========

[2013/05/17 18:54:31 | 000,016,608 | ---- | C] () -- C:\Windows\SysNative\results.xml
[2013/05/17 11:14:39 | 000,176,248 | ---- | C] () -- C:\Users\Shane Livingston\Desktop\honey-itunesvideofront.png
[2013/05/17 11:12:09 | 011,646,524 | ---- | C] () -- C:\Users\Shane Livingston\Desktop\06 Track 6.m4a
[2013/05/17 09:56:25 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/05/17 09:55:29 | 003,716,408 | ---- | C] () -- C:\Users\Shane Livingston\Desktop\Syleena Johnson Ft. Musiq Soulchild - Feel The Fire.mp3
[2013/05/12 10:43:53 | 000,000,000 | ---- | C] () -- C:\Users\Shane Livingston\Desktop\E-LL 1064.zip
[2013/05/12 10:43:52 | 049,113,400 | ---- | C] () -- C:\Users\Shane Livingston\Desktop\E-LL 1064.zip.part
[2013/05/10 22:44:10 | 000,019,984 | ---- | C] () -- C:\Users\Shane Livingston\Desktop\215325_483319451741194_1482518934_n.jpg
[2013/05/09 18:00:06 | 004,391,830 | ---- | C] () -- C:\Users\Shane Livingston\Desktop\The-Dream Ft. Jay-Z - High Art.mp3
[2013/05/06 20:30:39 | 000,074,218 | ---- | C] () -- C:\Users\Shane Livingston\Desktop\kate.jpg
[2013/05/06 07:19:44 | 003,243,362 | ---- | C] () -- C:\Users\Shane Livingston\Desktop\SVQVcZkn3h9u.128.mp3
[2013/05/02 19:27:57 | 092,505,911 | ---- | C] () -- C:\Users\Shane Livingston\Desktop\JS-MY&TM 1051.zip
[2013/05/02 19:27:42 | 103,576,918 | ---- | C] () -- C:\Users\Shane Livingston\Desktop\VA-TGGOST 1053.zip
[2013/04/23 17:19:43 | 109,737,490 | ---- | C] () -- C:\Users\Shane Livingston\Desktop\F-SEOY(DV) 1044.zip
[2013/04/23 17:19:36 | 047,141,925 | ---- | C] () -- C:\Users\Shane Livingston\Desktop\LLCJ-A 1044.zip
[2012/08/09 15:21:04 | 013,913,600 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012/01/10 22:27:26 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2012/01/10 22:27:26 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2012/01/10 22:27:26 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2011/11/17 16:09:41 | 000,000,232 | ---- | C] () -- C:\Windows\PowerReg.dat
[2011/06/13 16:26:20 | 000,157,696 | ---- | C] () -- C:\Windows\SysWow64\OggEnc.exe
[2011/06/13 16:26:18 | 000,399,872 | ---- | C] () -- C:\Windows\SysWow64\faac.exe
[2011/06/13 16:26:18 | 000,145,408 | ---- | C] () -- C:\Windows\SysWow64\Lame.exe

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/10/10 11:19:28 | 000,000,000 | ---D | M] -- C:\Users\Shane Livingston\AppData\Roaming\Ganz
[2012/05/15 23:33:13 | 000,000,000 | ---D | M] -- C:\Users\Shane Livingston\AppData\Roaming\HTC
[2012/03/24 11:00:15 | 000,000,000 | ---D | M] -- C:\Users\Shane Livingston\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2011/03/03 12:22:25 | 000,000,000 | ---D | M] -- C:\Users\Shane Livingston\AppData\Roaming\PCDr
[2012/12/13 11:08:47 | 000,000,000 | ---D | M] -- C:\Users\Shane Livingston\AppData\Roaming\Smilebox
[2013/04/10 17:13:08 | 000,000,000 | ---D | M] -- C:\Users\Shane Livingston\AppData\Roaming\SoftGrid Client
[2013/05/17 18:44:10 | 000,000,000 | ---D | M] -- C:\Users\Shane Livingston\AppData\Roaming\SystemRequirementsLab
[2012/05/04 12:35:37 | 000,000,000 | ---D | M] -- C:\Users\Shane Livingston\AppData\Roaming\TP
[2012/04/02 11:58:51 | 000,000,000 | ---D | M] -- C:\Users\Shane Livingston\AppData\Roaming\Windows Live Writer
[2011/08/26 11:56:35 | 000,000,000 | ---D | M] -- C:\Users\Shane Livingston\AppData\Roaming\WinZip
[2011/01/30 21:45:58 | 000,000,000 | ---D | M] -- C:\Users\Shane Livingston\AppData\Roaming\ZiggyTV

========== Purity Check ==========



< End of report >


#2
1972vet

    Trusted Helper

  • Malware Removal
  • 99 posts
Greetings Blazinice and Welcome to the forums,

Please do this:
Download the free utility AdwareCleaner to your desktop. When the download completes, right-click on the AdwClean.exe and select "Run as administrator"...then click on the Search button. When the search completes, a text file will open automatically. Close the program but copy the contents of the text file to paste here on your next reply.

Next, please download RogueKiller to your desktop
  • Close all open programs
  • For Vista or Windows 7, right click -> run as administrator, for XP simply double-click RogueKiller.exe
  • Accept the agreement and the pre-scan begins. Please wait until it finishes, then click the Scan button.
  • When the scan completes, the RKreport.txt shall be generated and auto-saved to your desktop.
Note: If the program fails to run, don't hesitate to try several times. If several attempts still fail (it is possible), just rename it to winlogon.exe and try running it again.

Please post the contents of the RKreport.txt in your next reply (along with the results from the adwcleaner scan) and wait for further instructions...and please do nothing else with this tool until or unless directed. Thanks!

#3
Blazinice

    Member

  • Topic Starter
  • 53 posts
Adwcleaner Report:
# AdwCleaner v2.301 - Logfile created 05/18/2013 at 23:46:59
# Updated 16/05/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Shane Livingston - SHANELIVINGSTON
# Boot Mode : Normal
# Running from : C:\Users\Shane Livingston\Desktop\AdwCleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\Shane Livingston\AppData\Roaming\Mozilla\Firefox\Profiles\6guzfwxp.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1198 octets] - [18/05/2013 23:46:59]

########## EOF - C:\AdwCleaner[R1].txt - [1258 octets] ##########

RogueKiller Report:
RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Shane Livingston [Admin rights]
Mode : Scan -- Date : 05/18/2013 23:54:46
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 12 ¤¤¤
[STARTUP][SUSP PATH] Best Buy pc app.lnk @Default : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe [-] -> FOUND
[STARTUP][SUSP PATH] Best Buy pc app.lnk @Default User : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe [-] -> FOUND
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD7501AAES-75W7A0 ATA Device +++++
--- User ---
[MBR] dc3dc31ce64d34b587e7520fc898c8cb
[BSP] bd88243ba1753a8780c06e4eb19307c6 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 10118 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 20803584 | Size: 705245 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WD 1600AAJ External USB Device +++++
--- User ---
[MBR] 4a21f5b2bb481202fdc96e454bed6d16
[BSP] 1343860dbef73a961735f1522ff55311 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 152625 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1]_S_05182013_02d2354.txt >>
RKreport[1]_S_05182013_02d2354.txt

Edited by Blazinice, 18 May 2013 - 09:56 PM.


#4
1972vet

    Trusted Helper

  • Malware Removal
  • 99 posts
Thanks! Now, please return to the AdwCleaner utility and run it again as before (remember to right-click and select "Run as Administrator"). When it opens, click the scan button. When that scan completes, don't bother with the log, just close it and click the Delete button. After deletion is complete, just click "OK" to close the information box, then click "OK" to allow the reboot. When the system comes back up, a log file detailing the results will be presented on screen. Please copy the contents of that notepad file to include with your next reply.

Next, please return to the RogueKiller utility...just open it again ("As Administrator"), wait for the brief initial scan to complete, then click the scan button as before. When the scan completes, please locate and click the Delete button. Allow the system to reboot if prompted.

When the system comes back up, please post the most current RogueKiller log along with your AdwCleaner log. Thanks!

#5
Blazinice

    Member

  • Topic Starter
  • 53 posts
Ok, completed both steps... here are the logs:

# AdwCleaner v2.301 - Logfile created 05/19/2013 at 07:13:53
# Updated 16/05/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Shane Livingston - SHANELIVINGSTON
# Boot Mode : Normal
# Running from : C:\Users\Shane Livingston\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\Shane Livingston\AppData\Roaming\Mozilla\Firefox\Profiles\6guzfwxp.default\prefs.js

C:\Users\Shane Livingston\AppData\Roaming\Mozilla\Firefox\Profiles\6guzfwxp.default\user.js ... Deleted !

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1327 octets] - [18/05/2013 23:46:59]
AdwCleaner[R2].txt - [1387 octets] - [19/05/2013 07:13:25]
AdwCleaner[R3].txt - [1447 octets] - [19/05/2013 07:13:44]
AdwCleaner[S1].txt - [1499 octets] - [19/05/2013 07:13:53]

########## EOF - C:\AdwCleaner[S1].txt - [1559 octets] ##########


New Rogue:
RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Shane Livingston [Admin rights]
Mode : Remove -- Date : 05/19/2013 07:21:45
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 9 ¤¤¤
[STARTUP][SUSP PATH] Best Buy pc app.lnk @Default : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe [-] -> DELETED
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD7501AAES-75W7A0 ATA Device +++++
--- User ---
[MBR] dc3dc31ce64d34b587e7520fc898c8cb
[BSP] bd88243ba1753a8780c06e4eb19307c6 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 10118 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 20803584 | Size: 705245 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WD 1600AAJ External USB Device +++++
--- User ---
[MBR] 4a21f5b2bb481202fdc96e454bed6d16
[BSP] 1343860dbef73a961735f1522ff55311 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 152625 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[3]_D_05192013_02d0721.txt >>
RKreport[1]_S_05182013_02d2354.txt ; RKreport[2]_S_05192013_02d0719.txt ; RKreport[3]_D_05192013_02d0721.txt

#6
1972vet

    Trusted Helper

  • Malware Removal
  • 99 posts
Very good Blazinice! Now please do this:
Disable the active protection component of your antivirus and antispyware programs by following the directions that apply Here. Next, please download the free utility DDS from any of these locations...Here, Here...or Here.
Note - Some infections may prevent certain executable files from running on your computer. If one of these download locations results in a failed run of the utility, please try the next location until you find one that will work on your machine.
Double click dds.scr to run the tool
  • When it completes, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop.

Next, please install WinPatrol Free version Here...and install it using default settings (change nothing during the installation). When the installation completes, double-click the WinPatrol icon in your system tray to open the user interface. Click on the "Options" tab. Click on the Hijack Log button. Wait for a notepad file to open containing the logged system analysis information and save it to your desktop. You can name the log "WinPatrol Hijack" log.

Please remember to include the following logs in your next reply.
  • DDS.txt
  • Attach.txt
  • WinPatrol Hijack Log


#7
Blazinice

    Member

  • Topic Starter
  • 53 posts
Okay, here are the three logs...

DDS:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16576 BrowserJavaVersion: 10.21.2
Run by Shane Livingston at 8:56:25 on 2013-05-19
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5943.4264 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files\mcafee.com\agent\mcagent.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
StartupFolder: C:\Users\SHANEL~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: NameServer = 208.180.42.68 208.180.42.100
TCP: Interfaces\{6BFD9031-4A48-4628-8D99-2E23AE4549B5} : DHCPNameServer = 208.180.42.68 208.180.42.100
TCP: Interfaces\{B1369409-2597-49BB-97C6-ACB9EEDA61AE} : DHCPNameServer = 192.168.42.129
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Shane Livingston\AppData\Roaming\Mozilla\Firefox\Profiles\6guzfwxp.default\
FF - prefs.js: browser.startup.homepage - www.facebook.com
FF - plugin: c:\PROGRA~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Shane Livingston\AppData\Roaming\Mozilla\Firefox\Profiles\6guzfwxp.default\extensions\[email protected]\plugins\NP_2020Player_WEB.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2019-09-25 22:40; {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}; C:\Users\Shane Livingston\AppData\Roaming\Mozilla\Firefox\Profiles\6guzfwxp.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2010-4-27 771536]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2010-4-27 340216]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-10-11 55280]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-5-7 143088]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-24 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-24 701512]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-19 201304]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-19 201304]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-19 201304]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2010-10-11 241456]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2010-10-11 218760]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe [2010-10-11 182752]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-3-23 87040]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-10-11 1692480]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2010-4-27 70112]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-10-11 56344]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-8-23 317440]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-10-11 321064]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-6-22 25928]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2010-4-27 309840]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2010-4-27 515968]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2012-10-3 196440]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-1 33736]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2010-6-25 36928]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-10-11 158976]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-2-5 235216]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2010-4-27 106552]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-5-8 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-1-13 1255736]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-19 201304]
.
=============== Created Last 30 ================
.
2013-05-19 11:17:37 -------- d-----w- C:\Users\Shane Livingston\AppData\Local\Adobe
2013-05-19 03:20:50 -------- d-----w- C:\Users\Shane Livingston\AppData\Local\ElevatedDiagnostics
2013-05-18 22:43:20 -------- d-----w- C:\Users\Shane Livingston\AppData\Local\Apple Computer
2013-05-18 18:23:48 -------- d-----w- C:\Users\Shane Livingston\AppData\Local\{02DE3538-7105-47BA-99B5-9FCBBB8F2B28}
2013-05-17 23:07:12 -------- d-----w- C:\Users\Shane Livingston\AppData\Roaming\SUPERAntiSpyware.com
2013-05-17 23:07:02 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2013-05-17 23:07:02 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2013-05-17 22:51:47 -------- d-----w- C:\Program Files\Common Files\Intel
2013-05-17 22:51:46 -------- d-----w- C:\Program Files (x86)\Common Files\Intel
2013-05-17 22:44:18 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
2013-05-17 13:55:52 -------- d-----w- C:\Program Files\iPod
2013-05-17 13:55:51 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-05-17 13:55:51 -------- d-----w- C:\Program Files\iTunes
2013-05-17 13:55:51 -------- d-----w- C:\Program Files (x86)\iTunes
2013-05-17 13:44:09 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7135BB5A-B209-464C-9AC3-BC3E731D6FFD}\mpengine.dll
2013-05-16 07:01:22 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-05-15 21:10:31 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-05-15 21:10:30 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-05-15 21:10:30 144384 ----a-w- C:\Windows\System32\cdd.dll
2013-05-15 21:10:18 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-05-15 21:10:16 70144 ----a-w- C:\Windows\System32\appinfo.dll
2013-05-15 21:10:16 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-05-15 21:10:16 111448 ----a-w- C:\Windows\System32\consent.exe
2013-05-15 21:09:28 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll
2013-05-15 21:09:28 230400 ----a-w- C:\Windows\System32\wwansvc.dll
2013-05-15 21:09:26 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-05-06 21:40:37 -------- d-----w- C:\Users\Shane Livingston\AppData\Local\{20115407-5E90-4844-AAF9-4DA09A6FA8AF}
2013-05-03 19:49:00 -------- d-----w- C:\Users\Shane Livingston\AppData\Local\{4E129763-80A5-4F85-B940-21D285038644}
2013-05-01 20:49:06 -------- d-----w- C:\Users\Shane Livingston\AppData\Local\{C9B14468-1F2C-49FA-B1A2-E7972D71971F}
2013-05-01 20:48:43 -------- d-----w- C:\Users\Shane Livingston\AppData\Local\{7413C5CB-A687-4C77-9593-98CCDA002C07}
2013-04-23 21:07:40 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-22 21:35:46 -------- d-----w- C:\Users\Shane Livingston\AppData\Local\{C2CD0BE0-171A-4489-9724-F876B4D032E3}
.
==================== Find3M ====================
.
2013-05-15 22:49:23 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-15 22:49:23 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-02 06:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-16 21:48:13 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-16 21:48:12 866720 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-04-16 21:48:12 788896 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-04-05 06:52:14 2242048 ----a-w- C:\Windows\System32\wininet.dll
2013-04-05 06:50:36 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-04-05 06:50:31 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-04-05 06:50:31 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-04-05 05:28:24 1767424 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-04-05 05:26:26 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-04-05 05:26:21 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-04-05 05:26:21 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-04-05 04:29:45 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-04-05 03:51:11 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-04-05 03:38:25 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-04-04 18:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-03-23 07:05:16 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe
2013-02-19 18:59:06 70112 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2013-02-19 18:56:26 340216 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2013-02-19 18:55:26 10728 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2013-02-19 18:55:14 106552 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
2013-02-19 18:54:32 771536 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2013-02-19 18:53:42 515968 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2013-02-19 18:53:02 309840 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2013-02-19 18:52:44 179280 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
.
============= FINISH: 8:56:59.55 ===============

Attach:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 1/11/2011 7:43:07 PM
System Uptime: 5/19/2013 7:14:55 AM (1 hours ago)
.
Motherboard: Dell Inc. | | 0C2KJT
Processor: Intel® Core™ i3 CPU 550 @ 3.20GHz | CPU 1 | 3200/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 689 GiB total, 573.857 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is FIXED (FAT32) - 149 GiB total, 82.907 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP245: 5/7/2013 4:23:28 PM - Windows Update
RP246: 5/10/2013 7:40:31 PM - Windows Update
RP247: 5/14/2013 7:31:42 AM - Windows Update
RP248: 5/16/2013 3:00:33 AM - Windows Update
RP249: 5/17/2013 6:41:14 PM - Removed Skype™ 6.3
.
==== Installed Programs ======================
.
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.6)
Adobe Shockwave Player 11.6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Avery Template
Best Buy pc app
Bonjour
CCleaner
ConvertHelper 2.2
D3DX10
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell Dock
Dell Edoc Viewer
Dell Getting Started Guide
Dell Support Center
DVD Flick 1.3.0.7
Google Earth
Google Update Helper
GoToAssist 8.0.0.514
HTC BMP USB Driver
HTC Driver Installer
HTC Sync
iCloud
Intel® Processor Graphics
iTunes
Java 7 Update 21
Java Auto Updater
Java™ 6 Update 30
Java™ 6 Update 30 (64-bit)
JavaFX 2.1.1
Junk Mail filter update
Malwarebytes Anti-Malware version 1.75.0.1300
McAfee Security Scan Plus
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Web Publishing Wizard 1.52
MobileMe Control Panel
Mozilla Firefox 21.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
Multimedia Card Reader
Nintendo_History_ScreenSaver
Prism Video File Converter
QuickTime
Realtek High Definition Audio Driver
Ring Factory
Roxio Burn
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Shared C Run-time for x64
Shockwave
Smilebox
SUPERAntiSpyware
swMSM
System Requirements Lab for Intel
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
5/18/2013 6:40:08 PM, Error: Service Control Manager [7034] - The Dock Login Service service terminated unexpectedly. It has done this 1 time(s).
5/17/2013 9:43:07 AM, Error: Service Control Manager [7034] - The Google Update Service (gupdate) service terminated unexpectedly. It has done this 1 time(s).
5/17/2013 6:55:19 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
5/17/2013 5:01:11 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
.
==== End Of File ===========================

WinPatrol:

Log created by WinPatrol [FREE Edition] version 28.1.2013.0:28.1.2013.0
Scan saved at 8:59:22 AM, on 5/19/2013
Platform: Windows 7 Home Edition Service Pack 1 (Build 7601)
MSIE: Internet Explorer (10.00.9200.16521)
Boot mode: Normal

Running processes:
C:\PROGRAM FILES (X86)\MALWAREBYTES' ANTI-MALWARE\mbamgui.exe
C:\PROGRAM FILES (X86)\DELL DATASAFE LOCAL BACKUP\Toaster.exe
C:\PROGRAM FILES (X86)\DELL DATASAFE LOCAL BACKUP\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\PROGRAM FILES (X86)\DELL DATASAFE LOCAL BACKUP\COMPONENTS\DSUpdate\DSUpd.exe
C:\PROGRAM FILES (X86)\MCAFEE SECURITY SCAN\3.0.318\SSSCHEDULER.EXE
C:\PROGRAM FILES (X86)\MULTIMEDIA CARD READER(9106)\SHWICONXP9106.EXE
C:\PROGRAM FILES (X86)\Roxio\ROXIO BURN\ROXIOBURNLAUNCHER.EXE
C:\PROGRAM FILES (X86)\COMMON FILES\Adobe\ARM\1.0\AdobeARM.exe
C:\PROGRAM FILES (X86)\HTC\HTC SYNC 3.0\HTCUPCTLOADER.EXE
C:\PROGRAM FILES (X86)\Adobe\ACROBAT 10.0\Acrobat\acrotray.exe
C:\PROGRAM FILES (X86)\iTunes\ITUNESHELPER.EXE
C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\firefox.exe
C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGIN-CONTAINER.EXE
C:\Windows\SysWOW64\Macromed\Flash\FLASHPLAYERPLUGIN_11_7_700_202.EXE
C:\Windows\SysWOW64\notepad.exe
C:\PROGRAM FILES (X86)\BILLP STUDIOS\WINPATROL\WINPATROL.EXE
C:\PROGRAM FILES (X86)\BILLP STUDIOS\WINPATROL\WINPATROLEX.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl]C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
O4 - HKLM\..\Run: [IgfxTray]C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds]C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence]C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware]C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [WinPatrol [FREE Edition]]C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKU\..\Run: [ShwiconXP9106]C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
O4 - HKU\..\Run: [Desktop Disc Tool]c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
O4 - HKU\..\Run: [mcui_exe]C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKU\..\Run: [AppleSyncNotifier]C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKU\..\Run: [Adobe ARM]C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKU\..\Run: [APSDaemon]C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKU\..\Run: [HTC Sync Loader]C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe -startup
O4 - HKU\..\Run: [Adobe Acrobat Speed Launcher]C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe
O4 - HKU\..\Run: [Acrobat Assistant 8.0]C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
O4 - HKU\..\Run: [QuickTime Task]C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime
O4 - HKU\..\Run: [SunJavaUpdateSched]C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
O4 - HKU\..\Run: [iTunesHelper]C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKU\..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"]C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk=C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
O4 - Startup: Dell Dock.lnk=C:\Program Files (x86)\Dell\DellDock\DellDock.exe
O11 - Options group: [Accelerated graphics] Accelerated graphics - C:\Windows\System32
O11 - Options group: [] -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_30) - http://java.sun.com/...indows-i586.cab
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} (Java Plug-in 1.6.0_30) - http://java.sun.com/...indows-i586.cab
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (http://java.sun.com/...30-windows-i586) - http://java.sun.com/...indows-i586.cab
O23 - Service: SAS Core Service - SUPERAntiSpyware.com - C:\PROGRAM FILES\SUPERANTISPYWARE\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service - Adobe Systems Incorporated - C:\PROGRAM FILES (X86)\COMMON FILES\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FLASHPLAYERUPDATESERVICE.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\PROGRAM FILES (X86)\COMMON FILES\Apple\MOBILE DEVICE SUPPORT\APPLEMOBILEDEVICESERVICE.EXE
O23 - Service: Bonjour Service - Apple Inc. - C:\PROGRAM FILES\Bonjour\MDNSRESPONDER.EXE
O23 - Service: Dock Login Service - Stardock Corporation - C:\PROGRAM FILES\Dell\DellDock\DOCKLOGIN.EXE
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\PROGRAM FILES (X86)\Citrix\GOTOASSIST\514\G2ASERVICE.EXE
O23 - Service: Google Update Service (gupdate) - Google Inc. - C:\PROGRAM FILES (X86)\Google\Update\GOOGLEUPDATE.EXE
O23 - Service: Google Update Service (gupdatem) - Google Inc. - C:\PROGRAM FILES (X86)\Google\Update\GOOGLEUPDATE.EXE
O23 - Service: iPod Service - Apple Inc. - C:\PROGRAM FILES\iPod\bin\IPODSERVICE.EXE
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\PROGRAM FILES (X86)\MALWAREBYTES' ANTI-MALWARE\MBAMSCHEDULER.EXE
O23 - Service: MBAMService - Malwarebytes Corporation - C:\PROGRAM FILES (X86)\MALWAREBYTES' ANTI-MALWARE\MBAMSERVICE.EXE
O23 - Service: McAfee Security Scan Component Host Service - McAfee, Inc. - C:\PROGRAM FILES (X86)\MCAFEE SECURITY SCAN\3.0.318\McCHSvc.exe
O23 - Service: McAfee Personal Firewall Service - McAfee, Inc. - C:\PROGRAM FILES\COMMON FILES\mcafee\MCSVCHOST\McSvHost.exe
O23 - Service: McAfee Services - McAfee, Inc. - C:\PROGRAM FILES\COMMON FILES\mcafee\MCSVCHOST\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer - McAfee, Inc. - C:\PROGRAM FILES\COMMON FILES\mcafee\MCSVCHOST\McSvHost.exe
O23 - Service: McAfee Network Agent - McAfee, Inc. - C:\PROGRAM FILES\COMMON FILES\mcafee\MCSVCHOST\McSvHost.exe
O23 - Service: McAfee Scanner - McAfee, Inc. - C:\PROGRAM FILES\mcafee\VIRUSSCAN\mcods.exe
O23 - Service: McAfee OOBE Service - McAfee, Inc. - C:\PROGRAM FILES\COMMON FILES\mcafee\MCSVCHOST\McSvHost.exe
O23 - Service: McAfee Proxy Service - McAfee, Inc. - C:\PROGRAM FILES\COMMON FILES\mcafee\MCSVCHOST\McSvHost.exe
O23 - Service: McAfee McShield - McAfee, Inc. - C:\PROGRAM FILES\COMMON FILES\mcafee\SYSTEMCORE\\mcshield.exe
O23 - Service: McAfee Firewall Core Service - McAfee, Inc. - C:\PROGRAM FILES\COMMON FILES\mcafee\SYSTEMCORE\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service - McAfee, Inc. - C:\PROGRAM FILES\COMMON FILES\mcafee\SYSTEMCORE\mfevtps.exe
O23 - Service: Mozilla Maintenance Service - Mozilla Foundation - C:\PROGRAM FILES (X86)\MOZILLA MAINTENANCE SERVICE\MAINTENANCESERVICE.EXE
O23 - Service: Internet Pass-Through Service - - C:\PROGRAM FILES (X86)\HTC\INTERNET PASS-THROUGH\PASSTHRUSVR.EXE
O23 - Service: SoftThinks Agent Service - SoftThinks SAS - C:\PROGRAM FILES (X86)\DELL DATASAFE LOCAL BACKUP\SFTSERVICE.EXE

--- Additional WinPatrol Info ---
Default Browser: Firefox - Firefox version 21.0
MSIE: Internet Explorer (10.00.9200.16521)
Firefox 21.0 installed in C:\Program Files (x86)\Mozilla Firefox.
4 IE Cookies in Folder: C:\Users\Shane Livingston\AppData\Roaming\Microsoft\Windows\Cookies\
1924 Mozilla Cookies in Folder: C:\Users\Shane Livingston\AppData\Roaming\Mozilla\FireFox\Profiles\6guzfwxp.default

WP00 - HKLM\CS1: BootExecute = autocheck autochk *
WP00 - HKLM\CCS: BootExecute = autocheck autochk *
WP00 - HKLM\CS2: BootExecute = autocheck autochk *
WP01 - HKLM\CS1: PendingFileRenameOperations = \??\C:\Users\SHANEL~1\AppData\Local\Temp\Tsu72984906.dll
WP01 - HKLM\CCS: PendingFileRenameOperations = \??\C:\Users\SHANEL~1\AppData\Local\Temp\Tsu72984906.dll
WP02 - HKLM\CCS: Command = C:\Windows\system32\cmd.exe


WP08 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix: Default = http://
WP08 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes: www = http://

WP31 - Scheduled Tasks: [SUPERAntiSpyware Scheduled Task 96689c5a-f0a1-487e-a41f-960dfc5927be.job]C:\Program Files\SUPERAntiSpyware\SASTask.exe 05/19/2013 3:08 AM
WP31 - Scheduled Tasks: [SUPERAntiSpyware Scheduled Task 6a0eb365-203a-4779-8a46-26d72c44fe3b.job]C:\Program Files\SUPERAntiSpyware\SASTask.exe 05/19/2013 2:00 AM
WP31 - Scheduled Tasks: [GoogleUpdateTaskMachineUA.job]C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 05/19/2013 8:30 AM
WP31 - Scheduled Tasks: [GoogleUpdateTaskMachineCore.job]C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 05/19/2013 7:16 AM
WP31 - Scheduled Tasks: [Adobe Flash Player Updater.job]C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 05/19/2013 8:49 AM

WP16 - ActiveX: {25336920-03F9-11CF-8FD0-00AA00686F13} [HTML Document] C:\Windows\SysWOW64\mshtml.dll 10.00.9200.16521
WP16 - ActiveX: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} [Microsoft Url Search Hook] C:\Windows\SysWOW64\ieframe.dll 10.00.9200.16521
WP16 - ActiveX: {D2517915-48CE-4286-970F-921E881B8C5C} [Windows Live ID Sign-in Control] C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE\WINDOWSLIVELOGIN.DLL 7.250.4232.0
WP16 - ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} [Shockwave Flash Object] C:\Windows\SysWOW64\Macromed\Flash\FLASH32_11_7_700_202.OCX 11,7,700,202
WP16 - ActiveX: {DFEAF541-F3E1-4C24-ACAC-99C30715084A} [Microsoft Silverlight] C:\PROGRAM FILES (X86)\MICROSOFT SILVERLIGHT\5.1.20125.0\npctrl.dll 5.1.20125.0
WP16 - ActiveX: {ED8C108E-4349-11D2-91A4-00C04F7969E8} [XML HTTP Request] C:\Windows\System32\msxml3.dll 8.110.7601.17988
WP16 - ActiveX: {05589fa1-c356-11ce-bf01-00aa0055595a} [ActiveMovieControl Object] C:\Windows\System32\wmpdxm.dll 12.0.7601.17514
WP16 - ActiveX: {DFEAF541-F3E1-4c24-ACAC-99C30715084A} [Microsoft Silverlight] C:\PROGRAM FILES\MICROSOFT SILVERLIGHT\5.1.20125.0\npctrl.dll 5.1.20125.0
WP16 - ActiveX: {52A2AAAE-085D-4187-97EA-8C30DB990436} [HHCtrl Object] C:\Windows\System32\hhctrl.ocx 6.1.7600.16385
WP16 - ActiveX: {54CE37E0-9834-41ae-9896-4DAB69DC022B} [Microsoft RDP Client Control (redistributable) - version 5a] C:\Windows\System32\mstscax.dll 6.1.7601.17514
WP16 - ActiveX: {6A6F4B83-45C5-4ca9-BDD9-0D81C12295E4} [Microsoft RDP Client Control (redistributable) - version 4a] C:\Windows\System32\mstscax.dll 6.1.7601.17514
WP16 - ActiveX: {8856F961-340A-11D0-A96B-00C04FD705A2} [Microsoft Web Browser] C:\Windows\System32\ieframe.dll 10.00.9200.16521
WP16 - ActiveX: {971127BB-259F-48c2-BD75-5F97A3331551} [Microsoft RDP Client Control (redistributable) - version 3a] C:\Windows\System32\mstscax.dll 6.1.7601.17514
WP16 - ActiveX: {AE24FDAE-03C6-11D1-8B76-0080C744F389} [Microsoft Scriptlet Component] C:\Windows\System32\mshtml.dll 10.00.9200.16521
WP16 - ActiveX: {CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA} [Deployment Toolkit] C:\Windows\System32\DEPLOYJAVA1.DLL 6.0.300.12
WP16 - ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} [Shockwave Flash Object] C:\WINDOWS\SYSTEM32\MACROMED\FLASH\FLASH64_11_7_700_202.OCX 11,7,700,202
WP16 - ActiveX: {D27CDB70-AE6D-11cf-96B8-444553540000} [Macromedia Flash Factory Object] C:\WINDOWS\SYSTEM32\MACROMED\FLASH\FLASH64_11_7_700_202.OCX 11,7,700,202

WP32 - Hidden File: C:\dell.sdr
WP32 - Hidden File: C:\hiberfil.sys
WP32 - Hidden File: C:\pagefile.sys
WP32 - Hidden File: C:\Windows\WindowsShell.Manifest
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll

WP33 - File Type .AVI: [Video Clip]C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:8 /Open %L
WP33 - File Type .BAT: [Windows Batch File]%1 %*
WP33 - File Type .CAB: [Cabinet File]C:\Windows\Explorer.exe /idlist,%I,%L
WP33 - File Type .CAT: [Security Catalog]C:\Windows\system32\rundll32.exe cryptext.dll,CryptExtOpenCAT %1
WP33 - File Type .CHM: [Compiled HTML Help file]C:\Windows\hh.exe %1
WP33 - File Type .COM: [MS-DOS Application]%1 %*
WP33 - File Type .CMD: [Windows Command Script]%1 %*
WP33 - File Type .DOC: [Microsoft Word 97 - 2003 Document]C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe Microsoft Word Starter 2010 9014006604090000 /n %1
WP33 - File Type .EML: [Windows Live Mail Mail Message]C:\Program Files (x86)\Windows Live\Mail\wlmail.exe /eml:%1
WP33 - File Type .EXE: [Application]%1 %*
WP33 - File Type .INF: [Setup Information]C:\Windows\system32\NOTEPAD.EXE %1
WP33 - File Type .JS: [JavaScript File]C:\Windows\System32\WScript.exe %1 %*
WP33 - File Type .LOG: [Text Document]C:\Windows\system32\NOTEPAD.EXE %1
WP33 - File Type .MSI: [Windows Installer Package]C:\Windows\System32\msiexec.exe /i %1 %*
WP33 - File Type .MSG: [Microsoft Office 2010]C:\PROGRA~2\MIF5BA~1\OPTION~1\MSOO.EXE %1
WP33 - File Type .MID: [MIDI Sequence]C:\Program Files (x86)\Windows Media Player\wmplayer.exe /Open %L
WP33 - File Type .MP3: [MPEG Layer 3 Audio]C:\Program Files (x86)\iTunes\iTunes.exe /open %L
WP33 - File Type .PIF: [Shortcut to MS-DOS Program]%1 %*
WP33 - File Type .REG: [Registration Entries]regedit.exe %1
WP33 - File Type .RTF: [Rich Text Format]C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe Microsoft Word Starter 2010 9014006604090000 /n %1
WP33 - File Type .SCR: [Screen saver]%1 /S
WP33 - File Type .TXT: [Text Document]C:\Windows\system32\NOTEPAD.EXE %1
WP33 - File Type .URL: [Windows host process (Rundll32)]C:\Windows\System32\rundll32.exe C:\Windows\System32\ieframe.dll,OpenURL %l
WP33 - File Type .VBS: [VBScript Script File]C:\Windows\System32\WScript.exe %1 %*
WP33 - File Type .VBE: [VBScript Encoded File]C:\Windows\System32\WScript.exe %1 %*
WP33 - File Type .WSF: [Windows Script File]C:\Windows\System32\WScript.exe %1 %*
WP33 - File Type .WSH: [Windows Script Host Settings File]C:\Windows\System32\WScript.exe %1 %*
WP33 - File Type .XLS: [Microsoft Excel 97-2003 Worksheet]C:\Program Files (x86)\Microsoft Application Virtualization Client\sftdde.exe Microsoft Excel Starter 2010 9014006604090000 Excel /dde

Memory currently in use: 30%
Physical Memory Free: 4,194,303 KB
Paging File Free: 4,194,303 KB
Virtual Memory Free: 1,971,700 KB


--
End of file

#8
1972vet

    Trusted Helper

  • Malware Removal
  • 99 posts
Are you a software developer?

You should disable Windows Defender since McAfee's suite is running and will cause interference. Super Anti-Spyware is one you don't need either with McAfee's suite running.

Do you use Dell DataSafe? I know they charge a fee for it if you do...but if you don't then please uninstall it. Likewise, do you use GoToAssist? It's fine if you do, just remember to use strong passwords. If you don't use it though, uninstalling it is the best plan. These also need to go:
Java™ 6 Update 30
Java™ 6 Update 30 (64-bit)

...you already have the latest version installed. Those are outdated and exploited.

Download FileHippo's Update Checker. Double-click the FHSetup.exe file to install it. When the install completes, you'll find the Update Checker shortcut on the desktop. Double-click on it and a scan begins with the results showing in your browser. Any software it finds to be out of date will be presented in your browser. Just click on the download link provided there to download your software updates. Ignore the beta software unless you want that...during the scanner initialization, you can click the settings link, then click the results tab and check the box "Hide beta versions". After clicking the OK button, click the "Retry" link to continue the scan with those settings. Please remember to post back your results, and since the AdwCleaner and RogueKiller scans, tell us how the system behaves for you now. Thanks!

#9
Blazinice

    Member

  • Topic Starter
  • 53 posts
No, I'm not a software developer!

The system seems to be running a little faster. But I'm still unable to burn discs. No matter what program I use (iTunes, Roxio, or Windows Media Player), it says there's an error.

This started immediately after downloading that file, so I don't think that there's anything wrong with the burner itself. I think there's a correlation to whatever it is that I downloaded. This same thing happened with my last computer, these errors started after downloading a file.

Edited by Blazinice, 19 May 2013 - 08:19 AM.


#10
Blazinice

    Member

  • Topic Starter
  • 53 posts
I just ran a temporary file cleaner, restarted, opened iTunes, it burnt a cd. Then I tried to burn a second one and the error started again. It will start to burn, then stop. It plays cds and dvds just fine... the only issue is when I try to burn.


#11
1972vet

    Trusted Helper

  • Malware Removal
  • 99 posts
Not a software developer? Then you don't need this either:
JavaFX 2.1.1
...Do you remember the name of the zip file you downloaded? It would be a big help. Also, just to note...if you run some other tool (other than what is recommended here), during this help session, you run a risk of removing things that may be pertinent to this issue. Things that could be helpful in determining exactly what has gone wrong...so, please do NOTHING other than what is directed here while this troubleshooting endeavor (that you requested) is underway. Thanks!

Please disable the active protection component of your antivirus and antispyware programs by following the directions that apply Here.
...of those, many people overlook the Windows Defender since, for most, there is no icon for it in the system tray. Scroll through those directives above and look for this application specifically, to make certain it is disabled (Microsoft Security Essentials users can disregard the Windows Defender disable instruction since while MSE is installed, Windows Defender is disabled already by default).

Please download ComboFix from This Webpage...and read through the instructions there for running the tool.

***Important Note***
Please read through the guidance on that web page carefully and thoroughly...and install the Recovery Console. Using this tool without the Recovery Console installed is NOT RECOMMENDED.

If you have Windows Vista or Windows 7, you can skip the recovery console step...in Vista/7 it's in the System Recovery Options menu. The System Recovery Options menu is on the Windows Vista or Windows 7 installation disc. If Windows doesn't start correctly, you can use these tools to repair startup problems.


The Windows Recovery Console will allow you to boot into a special recovery (repair) mode that is not otherwise available. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It's a simple procedure that will only take a few moments.

Once installed, a blue screen prompt should appear that reads as follows:

The Recovery Console was successfully installed.

When you see that screen, please continue as follows:

  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a log file for you. Please post that log back here on your next reply. Thanks!

Note:
Do not mouseclick ComboFix's window while it's running...that may cause the scan to stall.


#12
Blazinice

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
Here's the Combofix log:

ComboFix 13-05-20.01 - Shane Livingston 05/20/2013 22:55:52.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5943.4314 [GMT -4:00]
Running from: c:\users\Shane Livingston\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\6032\AddOnDownloaded\1b0b3c38-2b97-4f8d-954b-06296209b73d.dll
c:\programdata\PCDr\6032\AddOnDownloaded\1ea63693-456f-437c-857f-522df77e7357.dll
c:\programdata\PCDr\6032\AddOnDownloaded\3e0b29b2-9809-4050-abfc-ef8aff73ceab.dll
c:\programdata\PCDr\6032\AddOnDownloaded\4d4f44db-c9f0-4cc8-a32f-e98ea4fff68d.dll
c:\programdata\PCDr\6032\AddOnDownloaded\5f2ce3e8-3c56-40bb-86d6-a1a41867000b.dll
c:\programdata\PCDr\6032\AddOnDownloaded\7b6e388f-35d0-44f8-aa2c-20538273473f.dll
c:\programdata\PCDr\6032\AddOnDownloaded\97cd9b9c-9747-469a-acfa-cfbf8aed528a.dll
c:\programdata\PCDr\6032\AddOnDownloaded\bea3f575-677a-4c92-89ca-7be8480c11a9.dll
c:\programdata\PCDr\6032\AddOnDownloaded\c0ff87a7-2f82-4d5e-8d0f-38cbd0c2f4d1.dll
c:\programdata\PCDr\6032\AddOnDownloaded\caf72ad2-a222-415c-a303-8ca35e466713.dll
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
I:\Setup.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-04-21 to 2013-05-21 )))))))))))))))))))))))))))))))
.
.
2013-05-21 03:01 . 2013-05-21 03:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-19 14:04 . 2013-05-19 14:04 -------- d-----w- c:\windows\en
2013-05-19 14:02 . 2013-02-06 02:06 57840 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2013-05-19 14:02 . 2013-05-19 14:02 -------- d-----w- c:\program files\Windows Live
2013-05-19 14:00 . 2010-06-02 08:55 77656 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2013-05-19 14:00 . 2010-06-02 08:55 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_5.dll
2013-05-19 14:00 . 2010-06-02 08:55 527192 ----a-w- c:\windows\SysWow64\XAudio2_7.dll
2013-05-19 14:00 . 2010-06-02 08:55 518488 ----a-w- c:\windows\system32\XAudio2_7.dll
2013-05-19 14:00 . 2010-05-26 15:41 2526056 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2013-05-19 14:00 . 2010-05-26 15:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
2013-05-19 14:00 . 2010-05-26 15:41 276832 ----a-w- c:\windows\system32\d3dx11_43.dll
2013-05-19 14:00 . 2010-05-26 15:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll
2013-05-19 13:52 . 2013-05-19 13:52 -------- d-----w- c:\program files (x86)\FileHippo.com
2013-05-19 12:58 . 2013-05-19 12:58 -------- d-----w- c:\users\Shane Livingston\AppData\Roaming\WinPatrol
2013-05-19 12:58 . 2013-05-19 12:58 -------- d-----w- c:\program files (x86)\BillP Studios
2013-05-19 11:17 . 2013-05-19 11:17 -------- d-----w- c:\users\Shane Livingston\AppData\Local\Adobe
2013-05-19 03:20 . 2013-05-19 14:58 -------- d-----w- c:\users\Shane Livingston\AppData\Local\ElevatedDiagnostics
2013-05-18 22:43 . 2013-05-19 11:17 -------- d-----w- c:\users\Shane Livingston\AppData\Local\Apple Computer
2013-05-17 22:51 . 2013-05-17 22:51 -------- d-----w- c:\program files\Common Files\Intel
2013-05-17 22:51 . 2013-05-17 22:51 -------- d-----w- c:\program files (x86)\Common Files\Intel
2013-05-17 22:44 . 2013-05-17 22:44 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
2013-05-17 22:44 . 2013-05-17 22:44 -------- d-----w- c:\users\Shane Livingston\AppData\Roaming\SystemRequirementsLab
2013-05-17 13:55 . 2013-05-17 13:55 -------- d-----w- c:\program files\iPod
2013-05-17 13:55 . 2013-05-17 13:56 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-05-17 13:55 . 2013-05-17 13:56 -------- d-----w- c:\program files\iTunes
2013-05-17 13:55 . 2013-05-17 13:56 -------- d-----w- c:\program files (x86)\iTunes
2013-05-17 13:44 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7135BB5A-B209-464C-9AC3-BC3E731D6FFD}\mpengine.dll
2013-05-15 21:10 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 21:10 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 21:10 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll
2013-05-15 21:10 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-05-15 21:10 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll
2013-05-15 21:10 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll
2013-05-15 21:10 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe
2013-05-15 21:10 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll
2013-05-15 21:10 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-05-15 21:09 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-05-15 21:09 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll
2013-05-15 21:09 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-05-05 23:23 . 2013-05-17 22:41 -------- d-----w- c:\users\Shane Livingston\AppData\Roaming\Skype
2013-05-05 23:22 . 2013-05-17 22:41 -------- d-----w- c:\programdata\Skype
2013-04-23 21:07 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-19 14:01 . 2012-06-25 03:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-16 07:06 . 2011-01-17 21:16 75016696 ----a-w- c:\windows\system32\MRT.exe
2013-05-15 22:49 . 2012-05-16 03:36 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-15 22:49 . 2011-06-22 23:12 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-02 06:06 . 2012-03-24 15:03 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-16 21:48 . 2013-04-16 21:48 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-16 21:48 . 2012-05-13 18:38 866720 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-04-16 21:48 . 2010-10-11 13:11 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-04-13 05:49 . 2013-05-15 21:10 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 21:10 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 21:10 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 21:10 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 21:10 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 21:10 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-04 18:50 . 2011-06-22 23:19 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-23 07:06 . 2013-03-23 07:06 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-23 07:06 . 2013-03-23 07:06 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-03-23 07:06 . 2013-03-23 07:06 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-03-23 07:06 . 2013-03-23 07:06 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-03-23 07:06 . 2013-03-23 07:06 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-03-23 07:06 . 2013-03-23 07:06 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-03-23 07:06 . 2013-03-23 07:06 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-03-23 07:06 . 2013-03-23 07:06 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-03-23 07:06 . 2013-03-23 07:06 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-03-23 07:06 . 2013-03-23 07:06 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-03-23 07:06 . 2013-03-23 07:06 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-03-23 07:06 . 2013-03-23 07:06 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-03-23 07:06 . 2013-03-23 07:06 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-03-23 07:06 . 2013-03-23 07:06 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-03-23 07:06 . 2013-03-23 07:06 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-03-23 07:06 . 2013-03-23 07:06 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-03-23 07:06 . 2013-03-23 07:06 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-03-23 07:06 . 2013-03-23 07:06 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-03-23 07:06 . 2013-03-23 07:06 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-03-23 07:06 . 2013-03-23 07:06 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-03-23 07:06 . 2013-03-23 07:06 81408 ----a-w- c:\windows\system32\icardie.dll
2013-03-23 07:06 . 2013-03-23 07:06 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-03-23 07:06 . 2013-03-23 07:06 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-03-23 07:06 . 2013-03-23 07:06 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-03-23 07:06 . 2013-03-23 07:06 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-03-23 07:06 . 2013-03-23 07:06 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-03-23 07:06 . 2013-03-23 07:06 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-03-23 07:06 . 2013-03-23 07:06 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-03-23 07:06 . 2013-03-23 07:06 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-03-23 07:06 . 2013-03-23 07:06 441856 ----a-w- c:\windows\system32\html.iec
2013-03-23 07:06 . 2013-03-23 07:06 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-03-23 07:06 . 2013-03-23 07:06 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-23 07:06 . 2013-03-23 07:06 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-03-23 07:06 . 2013-03-23 07:06 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-03-23 07:06 . 2013-03-23 07:06 235008 ----a-w- c:\windows\system32\url.dll
2013-03-23 07:06 . 2013-03-23 07:06 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-03-23 07:06 . 2013-03-23 07:06 216064 ----a-w- c:\windows\system32\msls31.dll
2013-03-23 07:06 . 2013-03-23 07:06 197120 ----a-w- c:\windows\system32\msrating.dll
2013-03-23 07:06 . 2013-03-23 07:06 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-03-23 07:06 . 2013-03-23 07:06 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-03-23 07:06 . 2013-03-23 07:06 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-03-23 07:06 . 2013-03-23 07:06 149504 ----a-w- c:\windows\system32\occache.dll
2013-03-23 07:06 . 2013-03-23 07:06 144896 ----a-w- c:\windows\system32\wextract.exe
2013-03-23 07:06 . 2013-03-23 07:06 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-03-23 07:06 . 2013-03-23 07:06 13824 ----a-w- c:\windows\system32\mshta.exe
2013-03-23 07:06 . 2013-03-23 07:06 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-03-23 07:06 . 2013-03-23 07:06 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-03-23 07:06 . 2013-03-23 07:06 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-03-23 07:06 . 2013-03-23 07:06 102912 ----a-w- c:\windows\system32\inseng.dll
2013-03-23 07:05 . 2013-03-23 07:05 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-23 07:05 . 2013-03-23 07:05 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-23 07:05 . 2013-03-23 07:05 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-03-23 07:05 . 2013-03-23 07:05 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-03-23 07:05 . 2013-03-23 07:05 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-03-23 07:05 . 2013-03-23 07:05 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-03-23 07:05 . 2013-03-23 07:05 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-03-23 07:05 . 2013-03-23 07:05 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-03-23 07:05 . 2013-03-23 07:05 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-03-23 07:05 . 2013-03-23 07:05 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-03-23 07:05 . 2013-03-23 07:05 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-03-23 07:05 . 2013-03-23 07:05 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-03-23 07:05 . 2013-03-23 07:05 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-03-23 07:05 . 2013-03-23 07:05 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-03-23 07:05 . 2013-03-23 07:05 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-03-23 07:05 . 2013-03-23 07:05 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-03-23 07:05 . 2013-03-23 07:05 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-03-23 07:05 . 2013-03-23 07:05 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-03-23 07:05 . 2013-03-23 07:05 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-03-23 07:05 . 2013-03-23 07:05 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-03-23 07:05 . 2013-03-23 07:05 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-03-23 07:05 . 2013-03-23 07:05 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-03-23 07:05 . 2013-03-23 07:05 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-03-23 07:05 . 2013-03-23 07:05 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-03-23 07:05 . 2013-03-23 07:05 296960 ----a-w- c:\windows\system32\d3d10core.dll
2013-03-23 07:05 . 2013-03-23 07:05 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2013-03-23 07:05 . 2013-03-23 07:05 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-03-23 07:05 . 2013-03-23 07:05 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-03-23 07:05 . 2013-03-23 07:05 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-03-23 07:05 . 2013-03-23 07:05 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-03-23 07:05 . 2013-03-23 07:05 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2013-03-23 07:05 . 2013-03-23 07:05 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-03-23 07:05 . 2013-03-23 07:05 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-03-23 07:05 . 2013-03-23 07:05 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2013-03-23 07:05 . 2013-03-23 07:05 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2013-03-23 07:05 . 2013-03-23 07:05 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-05-19 13:58 220632 ----a-w- c:\users\Shane Livingston\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-05-19 13:58 220632 ----a-w- c:\users\Shane Livingston\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-05-19 13:58 220632 ----a-w- c:\users\Shane Livingston\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2013-04-26 423144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-01-27 237568]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-03-13 1532992]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2012-04-17 651264]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-07-27 39136]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-07-27 825560]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-15 152392]
.
c:\users\Shane Livingston\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-01 33736]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2013-02-19 106552]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-13 1255736]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2013-02-19 340216]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2013-02-19 218760]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2013-02-19 182752]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-03-23 87040]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2013-02-19 70112]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-08-23 317440]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-10-16 321064]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2013-02-19 515968]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-16 22:49]
.
2013-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-10 14:34]
.
2013-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-10 14:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-05-19 13:58 244696 ----a-w- c:\users\Shane Livingston\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-05-19 13:58 244696 ----a-w- c:\users\Shane Livingston\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-05-19 13:58 244696 ----a-w- c:\users\Shane Livingston\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-09 10060832]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-09 167744]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-09 392512]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-08-09 417088]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
Trusted Zone: dell.com
TCP: DhcpNameServer = 208.180.42.68 208.180.42.100
FF - ProfilePath - c:\users\Shane Livingston\AppData\Roaming\Mozilla\Firefox\Profiles\6guzfwxp.default\
FF - prefs.js: browser.startup.homepage - www.facebook.com
FF - ExtSQL: 2019-09-25 22:40; {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}; c:\users\Shane Livingston\AppData\Roaming\Mozilla\Firefox\Profiles\6guzfwxp.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-RunOnce-c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe - c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
AddRemove-Shockwave - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-637680162-3269796017-186903447-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-637680162-3269796017-186903447-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-05-20 23:03:42
ComboFix-quarantined-files.txt 2013-05-21 03:03
.
Pre-Run: 618,890,747,904 bytes free
Post-Run: 618,731,577,344 bytes free
.
- - End Of File - - 96983ABE7F3D8D7316A8A65ACEE0654C

#13
1972vet

1972vet

    Trusted Helper

  • Malware Removal
  • 99 posts
The fact that your CD burner worked after you ran a disk cleaner, then failed to work the next time you tried is perhaps anecdotal. It may have burned regardless...but we'll not be able to find out unless you have a log of items that were removed using that disk cleaner. Disk burning will cause disk fragmentation, and depending on what was burned, it may be quite substantial too, so before attempting a burn, you might try to run a disk defrag...but, at least, we do know that your disk burner works.

Also, you didn't say what file it was that you tried downloading but did mention that this happened to you before, on your previously owned computer. Do you remember if both times, you downloaded the same file? It would be great if you could remember.

Remove this from your trusted zone:
Trusted Zone: dell.com
...the only thing you might want to add to your trusted zone would be systems that you own personally that you have on your own network.

We need to run combofix again, using a script this time...so please disable the on board security products as before, thanks!

Please open a blank Notepad by clicking start-->type Notepad.exe in the "Search programs and files" box and click the "Notepad" icon that the search returns (should be at the top).

When the Notepad opens, copy the below text in Bold and paste it into the blank Notepad. Save it as CFScript.txt...Change the "Save as type" to All Files and save it to your desktop. Now drag the text document over to your Combofix.exe.

Combofix will run again automatically. Please post back the new log that will be generated. Thanks!
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.



KILLALL::

DDS::
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} -
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -
SSODL: WebCheck -
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -
x64-DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} -
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} -
x64-SSODL: WebCheck -


#14
Blazinice

Blazinice

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
I ran the combofix the way you told me to, however, when it restarted the computer, it wouldn't let me online with either Firefox or IE. I restarted and both programs were working fine, but the log file disappeared. So I don't have a log to post. I also removed dell.com from the trusted zone.

I don't remember the specific files that I downloaded. I know this time, after downloading the file and when the CD wouldn't burn, I deleted it. Both times they were music zip files.

#15
1972vet

1972vet

    Trusted Helper

  • Malware Removal
  • 99 posts

"I ran the combofix the way you told me to, however, when it restarted the computer, it wouldn't let me online with either Firefox or IE. I restarted and both programs were working fine, but the log file disappeared. So I don't have a log to post. I also removed dell.com from the trusted zone."

OK, thanks. The log file would not have been open to the screen upon the next restart (as you discovered), but it has not disappeared...you will find it at C:\ labeled "combofix.txt". Please post the content of THAT log.

"I don't remember the specific files that I downloaded. I know this time, after downloading the file and when the cd wouldn't burn, I deleted it. Both times they were music zip files."

Thanks for the added info. When you download a zipped file, the contents of it are compressed (locked up in a sense) and cannot perform any function until you unzip the file. So...your answer here is most critical:
Did you find that the burner would not function after just having downloaded the zipped file, or was it after you extracted its contents?

Please answer my above question and post the contents of the combofix log located in the file path indicated above.

Also, tell us please, are you still unable to burn disks as expected? If so, please tell us WHAT it is your burn attempt was for...that is, were you trying to burn a data disk or music, or create a video disk? Thanks!