PDA

View Full Version : Google redirect+ Fraud Defense Center + McAfee auto update issue



jinxpr00f
2010-10-06, 08:21
Hello. I am having several issues with my PC.

I recently visited a forum that I have frequented for years with no issues and several minutes after visiting the site, I got a series of 4 warnings pop up stating trojans had been detected & each time I followed the Windows prompts & as this was happening, I had my windows Defender run a full scan & the the issues seemed resolved. One problem that persisted was "Fraud Defense Center". I was unable to get rid of it. I ran Spybot immediately & it picked it up but it was unable to remove it.

Here's the problem - My McAfee did an auto update yesterday that created a new issue. Following the update, I was required to do a restart & when I did, all my documents had been moved to my temp folder & all my prgrams had apparently been reinstalled. My desktop image was replaced w/ the basic Vista one, my browsing history (which I hadn't deleted in for about a month) was gone, the Google dashboard I had hidden was back in place, & other things like Spybot, Foobar, etc. had apparently been reset. The programs were still there, but my preferrences were no longer there. This is especially aggravating because the Spybot log showing the problem was gone.

I have since run Spybot again & now it isn't picking up the Fraud Defenase Center problem. The issues I was having prior to the McAfee update were very similar to what the member described in this thread:

http://forums.spybot.info/showthread.php?t=59595

The Google redirect & most notably, the extremely slow performance. My apartment building provides free WiFi & a secure network - I've noticed a slowdown compared to where I previously resided & I had a cable connection -but since I had the trojan alerts & the Fraud Defense Center issue, my PC is WAY slow... It now takes at least 3 minutes for a webpage to load.

I realize this is a lengthy description, but I thought I'd be as thorough as possible (I'm not very tech-savy) so please forgive me.

Thanks very much!

DDS (Ver_10-03-17.01) - NTFSx86
Run by - J.B. - at 22:57:46.38 on Tue 10/05/2010
Internet Explorer: 8.0.6001.18943
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3573.1615 [GMT -4:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\aestsrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\McAfee Online Backup\MOBKbackup.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Windows\system32\STacSV.exe
C:\Program Files\McAfee Online Backup\MOBKbackup.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\McAfee Online Backup\MOBKbackup.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\C Technologies\C-Pen 20\CPen20.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\C Technologies\C-Pen 20\CPenOCR.exe
C:\Program Files\C Technologies\C-Pen 20\CPenDesk.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\dfrgui.exe
C:\Windows\system32\defrag.exe
C:\Windows\system32\DfrgNtfs.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\TEMP\Desktop\dds.com
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://my.yahoo.com/
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5090130
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5090130
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20100917043255.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [BrStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
StartupFolder: c:\users\temp\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\c-pen2~1.lnk - c:\windows\installer\{e4cee700-1875-4214-9cbe-6058f5cf400e}\_FDCC84357FB9_4591_9BEA_C051AC901091.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~1.0_0\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~3\GOEC62~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-5-13 386712]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-5-13 64304]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-5-13 164808]
R1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [2010-5-11 54776]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2009-1-30 73728]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-9-24 155648]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-1-30 179712]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-1-30 152992]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-1-30 52104]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-5-13 312904]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-5-13 55840]
S3 CPen20;C-Pen 20;c:\windows\system32\drivers\CPen20.sys [2008-5-14 14382]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-1-30 30192]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-5-13 84264]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-1-30 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-1-30 40552]
S3 pendfu;PenDfu (pendfu.sys);c:\windows\system32\drivers\pendfu.sys [2008-5-14 32376]

=============== Created Last 30 ================

2010-10-05 03:40:08 0 d-----w- c:\program files\SoulseekNS
2010-10-05 03:05:36 0 d-----w- c:\users\temp\appdata\roaming\foobar2000
2010-10-05 02:05:39 0 d-----w- c:\programdata\Citrix
2010-10-05 01:55:31 103784 ----a-w- c:\users\temp\GoToAssistDownloadHelper.exe
2010-10-05 01:36:28 0 d-----w- c:\users\temp\appdata\roaming\McAfee
2010-10-05 00:59:21 0 d-----w- c:\users\temp\appdata\roaming\Intel
2010-10-05 00:58:09 0 d-----w- c:\users\temp\Bluetooth Software
2010-10-05 00:56:36 0 d-----w- c:\users\temp\appdata\roaming\Dell
2010-09-28 22:40:15 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-15 01:17:57 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 01:10:57 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-15 01:10:28 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-15 01:01:42 739328 ----a-w- c:\windows\system32\inetcomm.dll

==================== Find3M ====================

2010-08-24 18:57:38 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-08-24 18:57:38 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-08-24 18:57:38 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-08-24 18:57:38 64304 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2010-08-24 18:57:38 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-08-24 18:57:38 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-08-24 18:57:38 386712 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-08-24 18:57:38 312904 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-08-24 18:57:38 164808 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2010-08-24 18:57:38 152992 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-05-13 21:04:55 51200 ----a-w- c:\windows\inf\infpub.dat
2010-05-13 21:04:55 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-05-13 21:04:53 86016 ----a-w- c:\windows\inf\infstor.dat
2009-11-17 01:50:20 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2010-04-15 07:12:41 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-01-30 19:46:16 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 23:00:19.54 ===============

Blade81
2010-10-09, 12:06
IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

Soulseek


I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).

Please go to Control Panel > Programs and Features and uninstall the programs listed above (in red).


Please download Rootkit Unhooker (http://www.rootkit.com/vault/DiabloNova/RKUnhookerLE.EXE) Save it to your desktop.
Now double-click on RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check (Tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest. then Click OK.
Wait till the scanner has finished and then click File, Save Report.
Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here. Post also fresh dds logs.

Note** you may get this warning it is ok, just ignore

Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?

jinxpr00f
2010-10-10, 10:11
Thank you very much for your reply. There are a couple of things I have noticed since I made my initial post - it now takes roughly 4 minutes for a webpage to load/refresh & I think my McAfee auto-update feature isn't working. I have tried to manually check for updates several times, but each time I do, the screen says it is checking, but it stays at 0% complete - I left it for an hour & it still said 0% complete. The only P2P program I ever used was Soulseek & I have uninstalled it as you instructed. I have the updated DDS report & zip file, as well as the RkU report you requested. (Due to the length of the text, I got an error message from the forum saying it had too many characters, so I will add the RkU report in a separate post.)
Thanks again for your help!

DDS (Ver_10-03-17.01) - NTFSx86
Run by - J.B. - at 23:42:37.18 on Sat 10/09/2010
Internet Explorer: 8.0.6001.18943
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3573.1470 [GMT -4:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\aestsrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\McAfee Online Backup\MOBKbackup.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Windows\system32\STacSV.exe
C:\Program Files\McAfee Online Backup\MOBKbackup.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\McAfee Online Backup\MOBKbackup.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\C Technologies\C-Pen 20\CPen20.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\C Technologies\C-Pen 20\CPenOCR.exe
C:\Program Files\C Technologies\C-Pen 20\CPenDesk.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k SDRSVC
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\TEMP\Desktop\dds.com
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://my.yahoo.com/
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5090130
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5090130
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20100917043255.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [BrStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
StartupFolder: c:\users\temp\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
StartupFolder: c:\users\temp\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\c-pen2~1.lnk - c:\windows\installer\{e4cee700-1875-4214-9cbe-6058f5cf400e}\_FDCC84357FB9_4591_9BEA_C051AC901091.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~1.0_0\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~3\GOEC62~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-5-13 386712]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-5-13 64304]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-5-13 164808]
R1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [2010-5-11 54776]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2009-1-30 73728]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-9-24 155648]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-1-30 179712]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-1-30 152992]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-1-30 52104]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-5-13 312904]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-5-13 55840]
S3 CPen20;C-Pen 20;c:\windows\system32\drivers\CPen20.sys [2008-5-14 14382]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-1-30 30192]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-5-13 84264]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-1-30 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-1-30 40552]
S3 pendfu;PenDfu (pendfu.sys);c:\windows\system32\drivers\pendfu.sys [2008-5-14 32376]

=============== Created Last 30 ================

2010-10-05 03:05:36 0 d-----w- c:\users\temp\appdata\roaming\foobar2000
2010-10-05 02:05:39 0 d-----w- c:\programdata\Citrix
2010-10-05 01:55:31 103784 ----a-w- c:\users\temp\GoToAssistDownloadHelper.exe
2010-10-05 01:36:28 0 d-----w- c:\users\temp\appdata\roaming\McAfee
2010-10-05 00:59:21 0 d-----w- c:\users\temp\appdata\roaming\Intel
2010-10-05 00:58:09 0 d-----w- c:\users\temp\Bluetooth Software
2010-10-05 00:56:36 0 d-----w- c:\users\temp\appdata\roaming\Dell
2010-09-28 22:40:15 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-15 01:17:57 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 01:10:57 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-15 01:10:28 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-15 01:01:42 739328 ----a-w- c:\windows\system32\inetcomm.dll

==================== Find3M ====================

2010-08-24 18:57:38 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-08-24 18:57:38 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-08-24 18:57:38 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-08-24 18:57:38 64304 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2010-08-24 18:57:38 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-08-24 18:57:38 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-08-24 18:57:38 386712 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-08-24 18:57:38 312904 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-08-24 18:57:38 164808 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2010-08-24 18:57:38 152992 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-05-13 21:04:55 51200 ----a-w- c:\windows\inf\infpub.dat
2010-05-13 21:04:55 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-05-13 21:04:53 86016 ----a-w- c:\windows\inf\infstor.dat
2009-11-17 01:50:20 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2010-04-15 07:12:41 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-01-30 19:46:16 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 23:44:55.57 ===============

jinxpr00f
2010-10-10, 10:24
the RkU report is still too long to paste, so I added it as an attachment. (I guess I could have added it to the last post... sorry about that.)

Blade81
2010-10-10, 10:37
Hi,

Please run Notepad (start > All Programs > Accessories > Notepad) and copy and paste the text in the quote box into a new file:



@echo off
>Log1.txt (
ipconfig /all
nslookup google.com
ping -n 2 google.com
route print
)
start Log1.txt
del %0



Go to the File menu at the top of the Notepad and select Save as.
Select save in: desktop
Fill in File name: test.bat
Save as type: All file types (*.*)
Click save.
Close the Notepad.
Locate and double-click test.bat on the desktop.
A notepad opens, copy and paste the content it (log1.txt) to your reply.

jinxpr00f
2010-10-10, 22:50
Windows IP Configuration

Host Name . . . . . . . . . . . . : JB-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : home

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : 00-22-69-C2-F1-C6
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Intel(R) Wireless WiFi Link 4965AGN
Physical Address. . . . . . . . . : 00-21-5C-6A-CF-91
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::8d73:9fe0:d0cd:2cd5%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.71(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, October 10, 2010 3:28:47 PM
Lease Expires . . . . . . . . . . : Monday, October 11, 2010 3:28:48 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 201335132
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-14-A5-AC-00-22-19-D1-8A-43
DNS Servers . . . . . . . . . . . : 192.168.1.1
151.197.0.39
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetLink (TM) Fast Ethernet
Physical Address. . . . . . . . . : 00-22-19-D1-8A-43
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:2469:338a:3f57:feb8(Preferred)
Link-local IPv6 Address . . . . . : fe80::2469:338a:3f57:feb8%10(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{8CF29AAC-12B0-445D-9744-5ABF034AC5AC}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 14:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{8BA5DD3B-77B5-4209-9046-62A873C0962E}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.


Pinging google.com [72.14.204.99] with 32 bytes of data:

Request timed out.

Reply from 72.14.204.99: bytes=32 time=17ms TTL=54



Ping statistics for 72.14.204.99:

Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),

Approximate round trip times in milli-seconds:

Minimum = 17ms, Maximum = 17ms, Average = 17ms

===========================================================================
Interface List
14 ...00 22 69 c2 f1 c6 ...... Bluetooth Device (Personal Area Network)
12 ...00 21 5c 6a cf 91 ...... Intel(R) Wireless WiFi Link 4965AGN
11 ...00 22 19 d1 8a 43 ...... Broadcom NetLink (TM) Fast Ethernet
1 ........................... Software Loopback Interface 1
17 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
10 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
16 ...00 00 00 00 00 00 00 e0 isatap.{8CF29AAC-12B0-445D-9744-5ABF034AC5AC}
15 ...00 00 00 00 00 00 00 e0 isatap.{8BA5DD3B-77B5-4209-9046-62A873C0962E}
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.71 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.71 281
192.168.1.71 255.255.255.255 On-link 192.168.1.71 281
192.168.1.255 255.255.255.255 On-link 192.168.1.71 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.71 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.71 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
10 18 ::/0 On-link
1 306 ::1/128 On-link
10 18 2001::/32 On-link
10 266 2001:0:4137:9e76:2469:338a:3f57:feb8/128
On-link
12 281 fe80::/64 On-link
10 266 fe80::/64 On-link
10 266 fe80::2469:338a:3f57:feb8/128
On-link
12 281 fe80::8d73:9fe0:d0cd:2cd5/128
On-link
1 306 ff00::/8 On-link
10 266 ff00::/8 On-link
12 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

jinxpr00f
2010-10-10, 23:12
Just a vote - the log listed in my last post ^ was generated while at an unsecured network at a coffee shop - I don't know if that has any bearing on what information you are looking to find. If you want, I can run it again when I get home in about 2 hours.

Thanks!

Blade81
2010-10-11, 11:48
Please get the log while connected in your own network. By the way, did redirecting occur with coffee shop connection too?

jinxpr00f
2010-10-11, 20:53
Hi, thanks for your reply. The redirecting seems to only occur in both locations, but moreso when at home. I ran Spybot again last night & it now picks up the Fraud Defense Center malware again:

Fraud.DefenseCenter: [SBI $8B9C68F8] Settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-2430709345-3396120235-355734457-1000.bak\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr


The new log created from my home network is shown below:

Windows IP Configuration

Host Name . . . . . . . . . . . . : JB-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : richmondair.net

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : 00-22-69-C2-F1-C6
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : richmondair.net
Description . . . . . . . . . . . : Intel(R) Wireless WiFi Link 4965AGN
Physical Address. . . . . . . . . : 00-21-5C-6A-CF-91
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::8d73:9fe0:d0cd:2cd5%12(Preferred)
IPv4 Address. . . . . . . . . . . : 10.5.50.86(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, October 10, 2010 6:19:57 PM
Lease Expires . . . . . . . . . . : Wednesday, October 13, 2010 6:19:57 PM
Default Gateway . . . . . . . . . : 10.5.50.1
DHCP Server . . . . . . . . . . . : 192.168.63.1
DHCPv6 IAID . . . . . . . . . . . : 201335132
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-14-A5-AC-00-22-19-D1-8A-43
DNS Servers . . . . . . . . . . . : 204.8.205.2
204.8.205.6
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetLink (TM) Fast Ethernet
Physical Address. . . . . . . . . : 00-22-19-D1-8A-43
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : richmondair.net
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:c17:3cfb:f5fa:cda9(Preferred)
Link-local IPv6 Address . . . . . : fe80::c17:3cfb:f5fa:cda9%10(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{8CF29AAC-12B0-445D-9744-5ABF034AC5AC}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 14:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{8BA5DD3B-77B5-4209-9046-62A873C0962E}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 204.8.205.2

Name: google.com
Addresses: 72.14.204.103
72.14.204.104
72.14.204.147
72.14.204.99



Pinging google.com [72.14.204.99] with 32 bytes of data:

Reply from 72.14.204.99: bytes=32 time=404ms TTL=52

Reply from 72.14.204.99: bytes=32 time=428ms TTL=52



Ping statistics for 72.14.204.99:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 404ms, Maximum = 428ms, Average = 416ms

===========================================================================
Interface List
14 ...00 22 69 c2 f1 c6 ...... Bluetooth Device (Personal Area Network)
12 ...00 21 5c 6a cf 91 ...... Intel(R) Wireless WiFi Link 4965AGN
11 ...00 22 19 d1 8a 43 ...... Broadcom NetLink (TM) Fast Ethernet
1 ........................... Software Loopback Interface 1
17 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
10 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
16 ...00 00 00 00 00 00 00 e0 isatap.{8CF29AAC-12B0-445D-9744-5ABF034AC5AC}
15 ...00 00 00 00 00 00 00 e0 isatap.{8BA5DD3B-77B5-4209-9046-62A873C0962E}
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.5.50.1 10.5.50.86 25
10.5.50.0 255.255.255.0 On-link 10.5.50.86 281
10.5.50.86 255.255.255.255 On-link 10.5.50.86 281
10.5.50.255 255.255.255.255 On-link 10.5.50.86 281
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 10.5.50.86 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 10.5.50.86 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
10 18 ::/0 On-link
1 306 ::1/128 On-link
10 18 2001::/32 On-link
10 266 2001:0:4137:9e76:c17:3cfb:f5fa:cda9/128
On-link
12 281 fe80::/64 On-link
10 266 fe80::/64 On-link
10 266 fe80::c17:3cfb:f5fa:cda9/128
On-link
12 281 fe80::8d73:9fe0:d0cd:2cd5/128
On-link
1 306 ff00::/8 On-link
10 266 ff00::/8 On-link
12 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

Blade81
2010-10-11, 21:08
Hi,

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:


Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.


Click Yes to allow ComboFix to continue scanning for malware.


When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

jinxpr00f
2010-10-12, 06:11
I've downloaded Combofix & was getting ready to run it after I disabled Windows Defender & McAfee. I seem to be having an issue with McAfee. I opened it to disable it, but it has frozen. I won't allow me to access the options, nor will it even let me close it. I right-clicked the tab and now I've got the box listing Restore/Minimize/Maximize/Close options frozen in the middle of my screen. I know restarting won't close it - do you have any suggestions? As I mentioned initially, I'm not the most tech-savvy guy in the world, so please try not to laugh.

Blade81
2010-10-12, 18:36
Hi,

If possible, please uninstall McAfee for now. It can be reinstalled later.

jinxpr00f
2010-10-12, 22:32
I just uninstalled McAfee & McAfee virtual technician. I was prompted to do a restart to finish uninstalling & when I did so, most what I had saved to my desktop was gone: Combofix, ERUNT, Rootkit unhooker, DDS, (basically everything you had requested that I save up until this point. Spybot is still installed though. Everything saved in my Favorites tab on my screen has been deleted (although my bookmarks are still available via my Favorites folder inside my Documents folder. My browsing history has also been deleted. When I checked my Programs and Features, McAfee Virtual technician still shows up twice: once dated 7-79-2009 and 10-4-2010. ERUNT is still listed as well, which is odd because right after the restart it isn't showing up in my Desktop folder.

One other thing I've noticed is that webpages now load quicker without McAfee being installed, but I still haven't run Combofix - it's not on my PC anymore apparently. What should I do to proceed?

Thanks.

jinxpr00f
2010-10-13, 08:00
Hi,

I went ahead and downloaded DDS again & have enclosed the two logs.
I was able to locate the ERUNT application in my Program Files folder, so I'm clueless as to why uninstalling McAfee removed the shortcut icons from several items I had saved (including ERUNT) as well as completely removing Combofix & RkU. Anyway, thanks for your help so far, & here's some current information:


DDS (Ver_10-10-10.03) - NTFSx86
Run by - J.B. - at 17:20:57.85 on Tue 10/12/2010
Internet Explorer: 8.0.6001.18943
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3573.2186 [GMT -4:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\aestsrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\C Technologies\C-Pen 20\CPen20.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\C Technologies\C-Pen 20\CPenOCR.exe
C:\Program Files\C Technologies\C-Pen 20\CPenDesk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\- J.B. -\Desktop\dds.com
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://my.yahoo.com/p/1.html
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5090130
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5090130
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [wmsdk64_32.exe] c:\users\-jb~1.-\appdata\local\temp\wmsdk64_32.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [BrStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\users\-jb~1.-\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
StartupFolder: c:\users\-jb~1.-\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\c-pen2~1.lnk - c:\windows\installer\{e4cee700-1875-4214-9cbe-6058f5cf400e}\_FDCC84357FB9_4591_9BEA_C051AC901091.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~1.0_0\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~3\GOEC62~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

============= SERVICES / DRIVERS ===============

R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2009-1-30 73728]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-9-24 155648]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-2-10 1153368]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-1-30 179712]
S2 0113491286900196mcinstcleanup;McAfee Application Installer Cleanup (0113491286900196);c:\users\temp\appdata\local\temp\011349~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\users\temp\appdata\local\temp\011349~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MOBCleanup;MOBCleanup;"c:\users\temp\appdata\local\temp\mobcleanup.exe" --> c:\users\temp\appdata\local\temp\MOBCleanup.exe [?]
S3 CPen20;C-Pen 20;c:\windows\system32\drivers\CPen20.sys [2008-5-14 14382]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-1-30 30192]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-1-30 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-1-30 40552]
S3 pendfu;PenDfu (pendfu.sys);c:\windows\system32\drivers\pendfu.sys [2008-5-14 32376]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-10-12 16:27:23 -------- d-----r- c:\users\- j.b. -\Favorites
2010-10-12 15:37:12 6084944 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{c8a7157c-dcbb-47a8-acb2-f8115ef10425}\mpengine.dll
2010-10-05 02:05:39 -------- d-----w- c:\progra~2\Citrix
2010-10-05 00:55:22 -------- d-----r- c:\users\- j.b. -\Videos
2010-10-05 00:55:22 -------- d-----r- c:\users\- j.b. -\Pictures
2010-10-05 00:55:22 -------- d-----r- c:\users\- j.b. -\Documents
2010-09-28 22:40:15 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-28 22:18:28 13312 ----a-w- c:\program files\internet explorer\iecompat.dll
2010-09-15 05:00:38 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2010-09-15 01:17:57 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 01:10:57 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-15 01:10:28 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-15 01:01:42 739328 ----a-w- c:\windows\system32\inetcomm.dll

==================== Find3M ====================


============= FINISH: 17:21:33.04 ===============

Blade81
2010-10-13, 10:58
I'm clueless as to why uninstalling McAfee removed the shortcut icons from several items I had saved (including ERUNT) as well as completely removing Combofix & RkU
Yep, that's weird indeed. Like system restored to earlier date.

Let's see if ComboFix runs now.

jinxpr00f
2010-10-13, 20:43
Hi,

I downloaded Combofix again & ran it. The report is shown below.

Thanks!

ComboFix 10-10-12.03 - - J.B. - 10/13/2010 13:03:42.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3573.1960 [GMT -4:00]
Running from: c:\users\- J.B. -\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-09-13 to 2010-10-13 )))))))))))))))))))))))))))))))
.

2010-10-13 17:08 . 2010-10-13 17:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-06 02:38 . 2010-10-06 02:39 -------- d-----w- c:\program files\ERUNT
2010-10-05 02:05 . 2010-10-05 02:05 -------- d-----w- c:\programdata\Citrix
2010-09-28 22:40 . 2010-06-22 13:30 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-28 22:18 . 2010-08-26 04:23 13312 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-09-15 05:00 . 2010-08-17 10:52 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2010-09-15 01:17 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 01:10 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-15 01:10 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-15 01:01 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-30 18:29 . 2009-02-10 00:14 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-24 159744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-04-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-04-22 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-04-22 133656]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-20 30192]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]
"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2008-01-08 864256]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2008-01-02 405504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

c:\users\- J.B. -\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-24 1295656]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
C-Pen 20.lnk - c:\windows\Installer\{E4CEE700-1875-4214-9CBE-6058F5CF400E}\_FDCC84357FB9_4591_9BEA_C051AC901091.exe [2009-2-10 45056]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-1-30 50688]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-24 1295656]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R2 0113491286900196mcinstcleanup;McAfee Application Installer Cleanup (0113491286900196);c:\users\TEMP\AppData\Local\Temp\011349~1.EXE [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 MOBCleanup;MOBCleanup;c:\users\TEMP\AppData\Local\Temp\MOBCleanup.exe [x]
R3 CPen20;C-Pen 20;c:\windows\system32\Drivers\CPen20.sys [2008-05-14 14382]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-20 30192]
R3 pendfu;PenDfu (pendfu.sys);c:\windows\system32\Drivers\pendfu.sys [2008-05-14 32376]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2008-01-02 73728]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-09-24 155648]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-05-21 179712]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/p/1.html
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: internet
Trusted Zone: mcafee.com
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,33,f9,44,03,b9,9f,9d,4f,a2,a4,bd,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,33,f9,44,03,b9,9f,9d,4f,a2,a4,bd,\

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-10-13 13:09:38
ComboFix-quarantined-files.txt 2010-10-13 17:09

Pre-Run: 162,186,584,064 bytes free
Post-Run: 162,166,759,424 bytes free

- - End Of File - - 1C8C1D2D2376E3FF4BE70D7122710057

Blade81
2010-10-14, 07:46
Hi again,


Open notepad and copy/paste the text in the quotebox below into it:



DDS::
uRun: [wmsdk64_32.exe] c:\users\-jb~1.-\appdata\local\temp\wmsdk64_32.exe
uPolicies-system: DisableTaskMgr = 1 (0x1)



Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Uninstall old Adobe Reader versions and get the latest one (9.4) here (http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows) or get Foxit Reader here (http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm). Make sure you don't install toolbar if choose Foxit Reader! You may also check free readers introduced here (http://pdfreaders.org/).


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 6 Update 22 (http://java.sun.com/javase/downloads/index.jsp).
Click the
Download
button to the right.
Select Windows on platform combobox and check the box that says:
Accept License Agreement. Click continue.

The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u22-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.



Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) as instructed in the screenshot here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif).


Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.

jinxpr00f
2010-10-14, 08:37
It seems that Combofix has been deleted from my PC yet again. I went to drag the script into the Combofix icon on my desktop, then an error notification... then the Combofix icon was gone. I then tried to download Combofix again & got an erroe message saying Destination Folder access denied > You need permission to perform this action > Try again

Each time I click the Try Again window, another one pops up.

Should I take care of the other steps you listed without having taken care of this first one? By the way, I went to the McAfee site and downloaded my subscription again. I did a restart & I tried to open the McAfee control panel but I only get a blank white box & a warning showing that my computer is not fully protected, but I can't access anything because the box is empty...:banghead:

Blade81
2010-10-14, 09:37
Hi,

Was McAfee installed before ComboFix issue occured? If so, please keep McAfee uninstalled until we've finished with ComboFix (I'll let you know).

jinxpr00f
2010-10-14, 09:54
No I reinstalled McAfee earlier this evening - I ran Combofix yesterday evening & the report shown of that scan is shown in my earlier post. If I uninstall McAfee again, will I be able to reinstall it? I don't know if I can download it again from the McAfee website (but my subscription runs through May 2011). I updated my Java & unless I'm mistaken, my adobe 9.4 update was installed on October 12th. I downloaded & ran ATF-Cleaner; I'm running the Kapersky scan as I type this. I'll post that report & a new DDS log shortly (20-30mins.)

Thanks again!

jinxpr00f
2010-10-14, 10:30
Hi again, I think I misread your question before.
The Combofix log shown in my earlier post was from when I ran it yesterday. The issue with the Combofix icon disappearing when I tried to drag the script into it did occur after I had reinstalled McAfee. I guess it really doesn’t like the Combofix program??

During the McAfee install I was prompted to uninstall Spybot, but that seems to be the only program on my Desktop that does work, so I left it installed despite McAfee’s prompts to remove it. (By the way, I made sure to disable Spybot prior to running Combofix & getting that earlier report.)

The Kapersky scan is taking quite a while to run, so I’m going to go ahead and post the new DDS log & call it a night (it’s 3:20 am where I am.) If you get this message, can you advise me whether I should uninstall McAfee/reinstall Combofix? Will I be able to reinstall it again from their site?

When I get back online later today, I’ll post the Kapersky log & hopefully know what you suggest for my McAfee problem. Thank you for your patience & your help!

DDS (Ver_10-10-10.03) - NTFSx86
Run by - J.B. - at 3:25:16.40 on Thu 10/14/2010
Internet Explorer: 8.0.6001.18975
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3573.1215 [GMT -4:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\aestsrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Windows\system32\rundll32.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\McAfee Online Backup\MOBKbackup.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\McAfee Online Backup\MOBKbackup.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee Online Backup\MOBKbackup.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\C Technologies\C-Pen 20\CPen20.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\C Technologies\C-Pen 20\CPenOCR.exe
C:\Program Files\C Technologies\C-Pen 20\CPenDesk.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe
C:\Users\- J.B. -\AppData\Local\Temp\jkos-- J.B. -\binaries\ScanningProcess.exe
C:\Users\- J.B. -\AppData\Local\Temp\jkos-- J.B. -\binaries\ScanningProcess.exe
C:\Program Files\microsoft office\office12\winword.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\- J.B. -\Desktop\dds.com
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://my.yahoo.com/p/1.html
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [BrStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\-jb~1.-\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
StartupFolder: c:\users\-jb~1.-\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\c-pen2~1.lnk - c:\windows\installer\{e4cee700-1875-4214-9cbe-6058f5cf400e}\_FDCC84357FB9_4591_9BEA_C051AC901091.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~3\GoogleDesktopNetwork3.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-8-24 386712]
R1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [2010-10-14 54776]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-1-30 179712]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-10-14 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-10-14 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-1-30 40552]
S3 CPen20;C-Pen 20;c:\windows\system32\drivers\CPen20.sys [2008-5-14 14382]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-1-30 34248]
S3 pendfu;PenDfu (pendfu.sys);c:\windows\system32\drivers\pendfu.sys [2008-5-14 32376]

=============== Created Last 30 ================

2010-10-14 05:55:59 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-14 04:53:27 54776 ----a-w- c:\windows\system32\drivers\MOBK.sys
2010-10-14 04:53:26 -------- d-----w- c:\program files\McAfee Online Backup
2010-10-14 04:51:17 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-10-14 04:51:17 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-10-14 04:51:15 130424 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-10-13 23:56:50 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-13 23:56:50 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2010-10-13 23:55:01 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-10-13 23:50:00 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-10-13 23:50:00 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-10-13 23:49:31 231424 ----a-w- c:\windows\system32\msshsq.dll
2010-10-13 23:49:29 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-13 23:49:25 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-10-13 17:09:07 -------- d-sh--w- C:\$RECYCLE.BIN
2010-10-13 16:57:13 98816 ----a-w- c:\windows\sed.exe
2010-10-13 16:57:13 77312 ----a-w- c:\windows\MBR.exe
2010-10-13 16:57:13 256512 ----a-w- c:\windows\PEV.exe
2010-10-13 16:57:13 161792 ----a-w- c:\windows\SWREG.exe
2010-10-13 16:57:07 -------- d-----w- C:\ComboFix
2010-10-12 16:27:23 -------- d-----r- c:\users\- j.b. -\Favorites
2010-10-12 15:37:12 6084944 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{c8a7157c-dcbb-47a8-acb2-f8115ef10425}\mpengine.dll
2010-10-05 02:05:39 -------- d-----w- c:\progra~2\Citrix
2010-10-05 00:55:22 -------- d-----r- c:\users\- j.b. -\Videos
2010-10-05 00:55:22 -------- d-----r- c:\users\- j.b. -\Pictures
2010-10-05 00:55:22 -------- d-----r- c:\users\- j.b. -\Documents
2010-09-28 22:40:15 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-28 22:18:28 13312 ----a-w- c:\program files\internet explorer\iecompat.dll
2010-09-15 05:00:38 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2010-09-15 01:17:57 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 01:10:57 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-15 01:10:28 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-15 01:01:42 739328 ----a-w- c:\windows\system32\inetcomm.dll

==================== Find3M ====================

2010-09-08 06:01:28 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 05:57:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 05:57:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 05:56:53 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-09-08 05:56:53 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-08 05:04:36 385024 ----a-w- c:\windows\system32\html.iec
2010-09-08 04:26:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-08 04:25:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-06 16:20:29 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-09-06 16:19:06 17920 ----a-w- c:\windows\system32\netevent.dll
2010-08-26 16:37:45 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-08-10 15:53:15 274944 ----a-w- c:\windows\system32\schannel.dll

============= FINISH: 3:27:29.29 ===============

Blade81
2010-10-14, 15:37
If you get this message, can you advise me whether I should uninstall McAfee/reinstall Combofix? Will I be able to reinstall it again from their site?
As I told earlier, it's better keep McAfee uninstalled until we've finished with ComboFix. I'm not very familiar with McAfee but I assume you'll be able to use downloaded version as long as you use your valid subscription license.

Also, Spybot shouldn't interfere with McAfee.

jinxpr00f
2010-10-14, 23:25
Hi & thanks for getting back to me. I think I've screwed things up pretty good this time. I went ahead & tried to uninstall McAfee & McAfee virtual technician. When I restarted, I had the exact same issue I had before when McAfee auto-updated and moved everything - the exact thing I described in my very first post. I tried to get a new DDS log, but every time I double-click the icon, I get the dialog box for about 2 seconds, then it disappears & doesn't produce any reports. When I ran the Ka[ersky scan last night it did not pick up anything. One other thing I noted: when I restarted this last time, I got a Registry Editor notification stating:

"C:\windows\regedit.exe"\S
"C:\Program files\C Technologies\C-Pen20\Default.reg"

(C-Pen is a handheld scanner I've used for a couple years for scanning stuff from my textbooks into word files for school.)

Blade81
2010-10-15, 07:45
Hi,

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Copy-paste following contents into custom scan -area:
netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

jinxpr00f
2010-10-15, 08:28
Thanks for getting back to me. One additional thing I noticed by accident - I got frustrated when my Desktop got reset again & my files were moved, so I restarted my laptop again just to see what it would do... Everything moved back again - my files my desktop wallpaper, programs - all back on my Desktop. DDS still wouldn't run & Combofix was still missing (& my Windows Media Player wouldn't work for some reason.) Anyway, I just thought I'd let you know. Here's the OTL.txt:

OTL logfile created on: 10/15/2010 1:12:21 AM - Run 2
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\- J.B. -\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 68.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285.50 Gb Total Space | 162.97 Gb Free Space | 57.08% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.33 Gb Free Space | 43.25% Space Free | Partition Type: NTFS

Computer Name: JB-PC | User Name: - J.B. - | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\- J.B. -\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\Program Files\McAfee Online Backup\MOBKbackup.exe (McAfee, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Dell Support Center\gs_agent\dsc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files\C Technologies\C-Pen 20\CPenOCR.exe ()
PRC - C:\Program Files\C Technologies\C-Pen 20\CPenDesk.exe (Anoto AB)
PRC - C:\Program Files\C Technologies\C-Pen 20\CPen20.exe (Anoto AB)
PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Brownie\brpjp04a.exe (brother)
PRC - C:\Program Files\Brownie\BrStsWnd.exe (brother)
PRC - C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\stacsv.exe (IDT, Inc.)
PRC - C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - c:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)


========== Modules (SafeList) ==========

MOD - C:\Users\- J.B. -\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (MSK80Service) -- C:\Program Files\McAfee\MSK\MskSrver.exe File not found
SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe File not found
SRV - (MOBCleanup) -- C:\Users\TEMP\AppData\Local\Temp\MOBCleanup.exe File not found
SRV - (McSysmon) -- C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe File not found
SRV - (McShield) -- C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe File not found
SRV - (McProxy) -- c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe File not found
SRV - (McODS) -- C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe File not found
SRV - (McNASvc) -- c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe File not found
SRV - (mcmscsvc) -- C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe File not found
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe File not found
SRV - (GoogleDesktopManager-051210-111108) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (MOBKbackup) -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe (McAfee, Inc.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (EvtEng) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (SSScsiSV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
SRV - (SonicStage Back-End Service) -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe (Sony Corporation)
SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe ()
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\-JB~1.-\AppData\Local\Temp\catchme.sys File not found
DRV - (mfehidk) -- C:\Windows\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (MPFP) -- C:\Windows\System32\drivers\Mpfp.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (MOBKFilter) -- C:\Windows\System32\drivers\MOBK.sys (Mozy, Inc.)
DRV - (mferkdk) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (pendfu) PenDfu (pendfu.sys) -- C:\Windows\System32\drivers\pendfu.sys (Anoto AB)
DRV - (CPen20) -- C:\Windows\System32\drivers\CPen20.sys (Anoto)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)
DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/p/1.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/10/14 15:55:18 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll File not found
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe File not found
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - Startup: C:\Users\- J.B. -\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 204.8.205.2 204.8.205.6
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\- J.B. -\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\- J.B. -\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2010/10/15 00:51:57 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\- J.B. -\Desktop\OTL.exe
[2010/10/14 01:58:13 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Users\- J.B. -\Desktop\ATF-Cleaner.exe
[2010/10/14 01:56:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/10/14 01:56:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/10/14 01:55:59 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/10/14 01:55:59 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/10/14 01:55:59 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/10/14 01:55:59 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/10/14 01:55:05 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/10/14 01:48:24 | 016,074,528 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\- J.B. -\Desktop\jre-6u22-windows-i586.exe
[2010/10/14 00:53:27 | 000,054,776 | ---- | C] (Mozy, Inc.) -- C:\Windows\System32\drivers\MOBK.sys
[2010/10/14 00:53:26 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Online Backup
[2010/10/14 00:51:17 | 000,079,816 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys
[2010/10/14 00:51:17 | 000,035,272 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys
[2010/10/14 00:51:15 | 000,130,424 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\Mpfp.sys
[2010/10/13 19:56:50 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010/10/13 19:55:01 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/10/13 19:54:14 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010/10/13 19:54:07 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/10/13 19:54:04 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/10/13 19:54:03 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/10/13 19:54:03 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010/10/13 19:54:02 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/10/13 19:54:02 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/10/13 19:54:02 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/10/13 19:54:02 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/10/13 19:54:02 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/10/13 19:54:02 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/10/13 19:54:02 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/10/13 19:54:02 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/10/13 19:54:02 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/10/13 19:54:02 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/10/13 19:54:02 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/10/13 19:54:02 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/10/13 19:54:02 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/10/13 19:54:02 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/10/13 19:50:00 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010/10/13 19:50:00 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010/10/13 19:49:31 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010/10/13 19:49:29 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010/10/13 13:09:40 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/10/13 13:09:07 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/10/13 12:57:13 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/10/13 12:57:13 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/10/13 12:57:13 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/10/13 12:57:07 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/10/13 12:56:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/13 12:56:37 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/10/12 23:57:04 | 000,000,000 | ---D | C] -- C:\Users\- J.B. -\Documents\patton_oswalt-my_weakness_is_strong(2009)
[2010/10/12 17:27:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/10/12 12:27:23 | 000,000,000 | R--D | C] -- C:\Users\- J.B. -\Favorites
[2010/10/10 01:57:10 | 000,000,000 | ---D | C] -- C:\Users\- J.B. -\Documents\MALWARE REMOVAL (2010)
[2010/10/08 21:37:57 | 000,000,000 | ---D | C] -- C:\Users\- J.B. -\Documents\metalheadz_platinum-seba-methpla010-web-2010
[2010/10/05 22:40:41 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/10/05 22:38:56 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/10/04 23:06:18 | 000,000,000 | ---D | C] -- C:\Users\- J.B. -\Documents\-unshared-
[2010/10/04 23:05:43 | 000,000,000 | ---D | C] -- C:\Users\- J.B. -\Documents\tunes to clean up or edit in goldwave
[2010/10/04 23:05:43 | 000,000,000 | ---D | C] -- C:\Users\- J.B. -\Documents\tracks to add to mp3 player
[2010/10/04 23:05:43 | 000,000,000 | ---D | C] -- C:\Users\- J.B. -\Documents\stuff to move to another hard_drive
[2010/10/04 23:05:22 | 000,000,000 | ---D | C] -- C:\Users\- J.B. -\Documents\still_need_to_listen_to
[2010/10/04 23:05:19 | 000,000,000 | ---D | C] -- C:\Users\- J.B. -\Documents\Soulseek Chat Logs
[2010/10/04 23:04:59 | 000,000,000 | ---D | C] -- C:\Users\- J.B. -\Documents\random_word_documents
[2010/10/04 23:04:55 | 000,000,000 | ---D | C] -- C:\Users\- J.B. -\Documents\OneNote Notebooks
[2010/10/04 23:02:26 | 000,000,000 | ---D | C] -- C:\Users\- J.B. -\Documents\ODU_Classes
[2010/10/04 22:52:52 | 000,000,000 | ---D | C] -- C:\Users\- J.B. -\Documents\Non-DnB(removed from laptop to save space)
[2010/10/04 22:52:47 | 000,000,000 | ---D | C] -- C:\Users\- J.B. -\Documents\lisa_gerrard-departum
[2010/10/04 22:47:17 | 000,000,000 | ---D | C] -- C:\Users\- J.B. -\Documents\JANES SHOWS
[2010/10/04 22:47:02 | 000,000,000 | ---D | C] -- C:\Users\- J.B. -\Documents\+resume_(revisions-etc.)
[2010/10/04 22:47:02 | 000,000,000 | ---D | C] -- C:\Users\- J.B. -\Documents\+INCOMING+
[2010/10/04 22:46:50 | 000,000,000 | ---D | C] -- C:\Users\- J.B. -\Documents\++need to listen to these
[2010/10/04 22:45:20 | 000,000,000 | ---D | C] -- C:\Users\- J.B. -\Documents\+ tracks for CD
[2010/10/04 22:05:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Citrix
[2010/10/04 20:58:26 | 000,000,000 | ---D | C] -- C:\Users\- J.B. -\Documents\My Google Gadgets
[2010/10/04 20:58:09 | 000,000,000 | ---D | C] -- C:\Users\- J.B. -\Documents\Bluetooth Exchange Folder
[2010/10/04 20:55:26 | 000,000,000 | -HSD | C] -- C:\Users\- J.B. -\Documents\My Videos
[2010/10/04 20:55:25 | 000,000,000 | -HSD | C] -- C:\Users\- J.B. -\Documents\My Pictures
[2010/10/04 20:55:25 | 000,000,000 | -HSD | C] -- C:\Users\- J.B. -\Documents\My Music
[2010/10/04 20:55:22 | 000,000,000 | R--D | C] -- C:\Users\- J.B. -\Videos
[2010/10/04 20:55:22 | 000,000,000 | R--D | C] -- C:\Users\- J.B. -\Pictures
[2010/10/04 20:55:22 | 000,000,000 | R--D | C] -- C:\Users\- J.B. -\Documents
[2010/09/28 18:40:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2009/07/24 00:19:41 | 008,270,752 | ---- | C] (Dell, Inc. ) -- C:\Users\- J.B. -\AppData\Roaming\DataSafeDotNet.exe

========== Files - Modified Within 30 Days ==========

[2010/10/15 01:01:05 | 000,000,319 | ---- | M] () -- C:\Windows\Brownie.ini
[2010/10/15 01:00:45 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/15 01:00:45 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/15 01:00:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/15 01:00:37 | 3747,655,680 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/15 01:00:07 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/10/15 01:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job
[2010/10/15 00:51:59 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\- J.B. -\Desktop\OTL.exe
[2010/10/14 21:28:24 | 000,544,768 | ---- | M] () -- C:\Users\- J.B. -\Desktop\dds.com
[2010/10/14 21:06:57 | 000,005,972 | ---- | M] () -- C:\Users\- J.B. -\AppData\Local\d3d9caps.dat
[2010/10/14 15:54:31 | 000,007,454 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2010/10/14 03:30:11 | 000,001,895 | ---- | M] () -- C:\Users\- J.B. -\Documents\Attach-Oct.14.zip
[2010/10/14 01:58:15 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Users\- J.B. -\Desktop\ATF-Cleaner.exe
[2010/10/14 01:55:13 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/10/14 01:55:13 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/10/14 01:55:13 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/10/14 01:55:12 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/10/14 01:48:26 | 016,074,528 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\- J.B. -\Desktop\jre-6u22-windows-i586.exe
[2010/10/14 00:58:14 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\McQcTask.job
[2010/10/14 00:58:03 | 000,371,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/10/13 16:27:50 | 000,012,843 | ---- | M] () -- C:\Users\- J.B. -\Documents\advantages_of_finishing_college_at_my_age.docx
[2010/10/13 00:10:44 | 000,184,832 | ---- | M] () -- C:\Users\- J.B. -\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/12 17:48:42 | 000,000,848 | ---- | M] () -- C:\Users\- J.B. -\Desktop\foobar2000.lnk
[2010/10/10 18:25:09 | 000,647,048 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/10/10 18:25:09 | 000,122,008 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/10/05 18:27:19 | 002,922,470 | ---- | M] () -- C:\Users\- J.B. -\Documents\performance report - 10-05-10.html
[2010/09/20 20:59:39 | 000,008,196 | ---- | M] () -- C:\Users\- J.B. -\Documents\updated cd for car (non-dnb).fpl
[2010/09/20 20:54:54 | 007,355,435 | ---- | M] () -- C:\Users\- J.B. -\Documents\janes-True Nature.mp3

========== Files Created - No Company Name ==========

[2010/10/14 03:30:11 | 000,001,895 | ---- | C] () -- C:\Users\- J.B. -\Documents\Attach-Oct.14.zip
[2010/10/14 00:54:50 | 000,007,454 | ---- | C] () -- C:\Windows\System32\Config.MPF
[2010/10/14 00:51:03 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\McDefragTask.job
[2010/10/14 00:51:01 | 000,000,324 | ---- | C] () -- C:\Windows\tasks\McQcTask.job
[2010/10/13 16:27:50 | 000,012,843 | ---- | C] () -- C:\Users\- J.B. -\Documents\advantages_of_finishing_college_at_my_age.docx
[2010/10/13 12:57:13 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/10/13 12:57:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/10/13 12:57:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/10/13 12:57:13 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/10/13 12:57:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/10/12 17:48:42 | 000,000,848 | ---- | C] () -- C:\Users\- J.B. -\Desktop\foobar2000.lnk
[2010/10/12 17:19:49 | 000,544,768 | ---- | C] () -- C:\Users\- J.B. -\Desktop\dds.com
[2010/10/05 18:28:52 | 002,922,470 | ---- | C] () -- C:\Users\- J.B. -\Documents\performance report - 10-05-10.html
[2010/10/04 23:09:21 | 007,469,543 | ---- | C] () -- C:\Users\- J.B. -\Documents\lisa_gerrard-waters_run_deep_(balibo_soundtrack).mp3
[2010/10/04 23:09:19 | 011,226,123 | ---- | C] () -- C:\Users\- J.B. -\Documents\lisa_gerrard-the_invasion_(balibo_soundtrack).mp3
[2010/10/04 23:09:17 | 011,424,300 | ---- | C] () -- C:\Users\- J.B. -\Documents\lisa_gerrard-a_passage_for_truth_(balibo_soundtrack).mp3
[2010/10/04 23:09:17 | 010,929,420 | ---- | C] () -- C:\Users\- J.B. -\Documents\lisa_gerrard-childhood_reflections_(balibo_soundtrack).mp3
[2010/10/04 23:09:16 | 007,355,435 | ---- | C] () -- C:\Users\- J.B. -\Documents\janes-True Nature.mp3
[2010/10/04 23:09:16 | 000,009,055 | ---- | C] () -- C:\Users\- J.B. -\Documents\feb26playlist for cd.fpl
[2010/10/04 23:09:16 | 000,005,549 | ---- | C] () -- C:\Users\- J.B. -\Documents\june8.fpl
[2010/10/04 23:09:07 | 061,619,304 | ---- | C] () -- C:\Users\- J.B. -\Documents\fanu-presents_allfanumix_vol6.mp3
[2010/10/04 23:09:07 | 000,060,094 | ---- | C] () -- C:\Users\- J.B. -\Documents\DnB_links-July2010.docx
[2010/10/04 23:09:07 | 000,012,372 | ---- | C] () -- C:\Users\- J.B. -\Documents\driving_music-master_tracklist.docx
[2010/10/04 23:08:59 | 055,257,646 | ---- | C] () -- C:\Users\- J.B. -\Documents\dj_lee_march2010_podcast.mp3
[2010/10/04 23:08:59 | 000,006,567 | ---- | C] () -- C:\Users\- J.B. -\Documents\deftones_for_the_car.fpl
[2010/10/04 22:45:20 | 000,063,791 | ---- | C] () -- C:\Users\- J.B. -\Documents\torrent help thread.htm
[2010/10/04 22:45:20 | 000,009,374 | ---- | C] () -- C:\Users\- J.B. -\Documents\updated cd for car-non-dnb.fpl
[2010/10/04 22:45:20 | 000,008,196 | ---- | C] () -- C:\Users\- J.B. -\Documents\updated cd for car (non-dnb).fpl
[2010/10/04 22:45:19 | 000,129,781 | ---- | C] () -- C:\Users\- J.B. -\Documents\spyware_removal_help_page.htm
[2010/10/04 22:45:18 | 046,993,281 | ---- | C] () -- C:\Users\- J.B. -\Documents\silent_witness-reprise_podcast006.mp3
[2010/10/04 22:45:18 | 000,009,789 | ---- | C] () -- C:\Users\- J.B. -\Documents\new non-dnb cd for car.fpl
[2010/02/07 19:51:12 | 000,005,972 | ---- | C] () -- C:\Users\- J.B. -\AppData\Local\d3d9caps.dat
[2010/01/17 03:00:41 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/01/17 03:00:40 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/01/17 03:00:40 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/01/17 03:00:40 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/01/17 03:00:38 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/19 23:58:30 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/02/11 22:47:15 | 000,532,480 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Sony.dll
[2009/02/09 17:06:52 | 000,184,832 | ---- | C] () -- C:\Users\- J.B. -\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/06 20:59:30 | 000,000,145 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2009/02/06 20:59:30 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2009/02/06 20:58:45 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009/02/06 20:58:42 | 000,000,114 | ---- | C] () -- C:\Windows\System32\brlmw03a.ini
[2009/02/06 20:58:41 | 000,009,853 | ---- | C] () -- C:\Windows\HL-2140.INI
[2009/02/06 20:56:51 | 000,000,319 | ---- | C] () -- C:\Windows\Brownie.ini
[2009/01/30 15:59:55 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2009/01/30 15:59:55 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2009/01/30 15:59:55 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2009/01/30 15:59:55 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2009/01/30 15:59:50 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/07/25 18:40:02 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2006/11/03 19:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001/11/14 14:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/09/18 17:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 02:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2010/10/13 13:09:39 | 000,007,842 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 17:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2009/01/30 16:00:03 | 000,005,298 | RH-- | M] () -- C:\dell.sdr
[2010/10/15 01:00:37 | 3747,655,680 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/15 01:00:36 | 4061,261,824 | -HS- | M] () -- C:\pagefile.sys
[2009/01/30 14:49:15 | 000,000,071 | ---- | M] () -- C:\SystemInfo.ini

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008/01/20 23:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 23:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 23:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-10-14 04:31:18

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5D432CE3

< End of report >


Extras.txt:

OTL Extras logfile created on: 10/15/2010 1:04:30 AM - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\- J.B. -\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 69.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285.50 Gb Total Space | 162.95 Gb Free Space | 57.08% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.33 Gb Free Space | 43.25% Space Free | Partition Type: NTFS

Computer Name: JB-PC | User Name: - J.B. - | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{BD8E66E1-3997-4359-9870-570E00A09E57}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{055E6E02-D0BF-4BED-B3B4-317BC1A99056}" = protocol=17 | dir=in | app=c:\programdata\singleclick systems\advanced networking service\hnm_svc.exe |
"{1DB223F0-BC09-4ABA-80E0-0BB3E5B552BF}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |
"{360650E4-3995-4851-B22A-31DF18A75871}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{496CF3E1-64F6-4136-A357-D2E22DDF0C8E}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{7711935B-733E-4A4D-A79A-383579CE477D}" = protocol=6 | dir=in | app=c:\program files\dell remote access\ezi_ra.exe |
"{799C5325-E5A8-4FC2-BEDB-DFAA6F842569}" = protocol=17 | dir=in | app=c:\program files\dell remote access\ezi_ra.exe |
"{7BDA1E6E-22CA-40CB-A1C9-5565AD6FE91A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{8BF0204E-C3B7-4185-AA83-DA105AD16435}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{918F1C52-FAB5-49D6-BB6B-478ABDEFAB08}" = protocol=6 | dir=in | app=c:\programdata\singleclick systems\advanced networking service\hnm_svc.exe |
"{A12B8B20-8F76-4323-9F6A-132548D3059B}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{A86056D7-42A2-47FF-A482-B2E4BF041C2A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{E402FA13-38B4-4CA6-A862-4E5B71770293}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F74486B3-EAF9-4077-8C81-CAF31077F184}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"TCP Query User{025C1B0C-C104-4F3A-B528-184655D479D6}C:\program files\soulseekns\slsk.exe" = protocol=6 | dir=in | app=c:\program files\soulseekns\slsk.exe |
"UDP Query User{CA3A09BB-E8D9-43AB-9D91-B8BDE6EE1A05}C:\program files\soulseekns\slsk.exe" = protocol=17 | dir=in | app=c:\program files\soulseekns\slsk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{255909FA-8E58-4BC2-A83A-3C71EB5DD6EC}" = EarthLink Setup Files
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{27C467F8-F8EF-4f68-BD72-D63632B2096C}" = McAfee Online Backup
"{294EAADF-E50F-4DD8-AD8D-19587EA10512}" = Modem Diagnostic Tool
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D8F9830-D6A3-413A-9A54-993827A73E47}" = DELL0604
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
"{5A924482-72B8-4E1F-91CE-27EA706A93AF}" = Brother HL-2140
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.3
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFF4500E-C5D6-695D-A027-B3D4DDED2CC3}" = McAfee Online Backup
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E4CEE700-1875-4214-9CBE-6058F5CF400E}" = Ectaco C-Pen 20
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ERUNT_is1" = ERUNT 1.1j
"foobar2000" = foobar2000 v0.9.6.2
"GoldWave v5.52" = GoldWave v5.52
"Google Desktop" = Google Desktop
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.6.1 (Full)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MSC" = McAfee SecurityCenter
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01
"ProInst" = Intel(R) PROSet/Wireless Software
"ULTIMATER" = Microsoft Office Ultimate 2007
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/10/2010 8:16:38 PM | Computer Name = JB-PC | Source = VSS | ID = 8193
Description =

Error - 10/11/2010 12:44:23 AM | Computer Name = JB-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18943, time stamp
0x4c25813d, faulting module IEShims.dll, version 8.0.6001.18943, time stamp 0x4c25980e,
exception code 0xc0000005, fault offset 0x00021e16, process id 0x394, application
start time 0x01cb68fef96542c0.

Error - 10/11/2010 2:43:58 PM | Computer Name = JB-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18943, time stamp
0x4c25813d, faulting module SHELL32.dll, version 6.0.6002.18287, time stamp 0x4c4daf14,
exception code 0xc0000005, fault offset 0x0006b96d, process id 0x156c, application
start time 0x01cb696a8b3f89b0.

Error - 10/12/2010 11:36:33 AM | Computer Name = JB-PC | Source = VSS | ID = 8193
Description =

Error - 10/12/2010 12:20:10 PM | Computer Name = JB-PC | Source = McLogEvent | ID = 5004
Description =

Error - 10/12/2010 12:20:10 PM | Computer Name = JB-PC | Source = McLogEvent | ID = 5022
Description =

Error - 10/12/2010 12:20:10 PM | Computer Name = JB-PC | Source = McLogEvent | ID = 5004
Description =

Error - 10/12/2010 12:20:10 PM | Computer Name = JB-PC | Source = McLogEvent | ID = 5022
Description =

Error - 10/12/2010 12:26:40 PM | Computer Name = JB-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/12/2010 3:20:13 PM | Computer Name = JB-PC | Source = Application Hang | ID = 1002
Description = The program SpybotSD.exe version 1.6.2.46 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 740 Start Time: 01cb6a42732ffe30 Termination Time: 27

[ System Events ]
Error - 10/15/2010 12:58:54 AM | Computer Name = JB-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/15/2010 12:58:54 AM | Computer Name = JB-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/15/2010 1:00:49 AM | Computer Name = JB-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/15/2010 1:00:49 AM | Computer Name = JB-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/15/2010 1:00:49 AM | Computer Name = JB-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/15/2010 1:00:49 AM | Computer Name = JB-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/15/2010 1:00:49 AM | Computer Name = JB-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/15/2010 1:00:49 AM | Computer Name = JB-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/15/2010 1:02:50 AM | Computer Name = JB-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/15/2010 1:02:50 AM | Computer Name = JB-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >

Blade81
2010-10-15, 20:19
Hi,

Download fresh ComboFix to your desktop and run it normally (=without cfscript). Post back the log.

jinxpr00f
2010-10-15, 21:04
ComboFix 10-10-14.04 - - J.B. - 10/15/2010 13:54:25.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3573.2436 [GMT -4:00]
Running from: c:\users\- J.B. -\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2010-09-15 to 2010-10-15 )))))))))))))))))))))))))))))))
.

2010-10-15 18:00 . 2010-10-15 18:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-15 17:50 . 2010-10-15 17:51 -------- d-----w- C:\32788R22FWJFW
2010-10-14 05:56 . 2010-10-14 05:56 -------- d-----w- c:\program files\Common Files\Java
2010-10-14 05:55 . 2010-10-14 05:55 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-14 05:55 . 2010-10-14 05:55 -------- d-----w- c:\program files\Java
2010-10-14 04:53 . 2010-02-06 01:13 54776 ----a-w- c:\windows\system32\drivers\MOBK.sys
2010-10-14 04:53 . 2010-10-14 04:53 -------- d-----w- c:\program files\McAfee Online Backup
2010-10-14 04:51 . 2010-02-17 20:52 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-10-14 04:51 . 2010-02-17 20:52 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-10-14 04:51 . 2010-07-15 19:18 130424 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-10-13 23:56 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-13 23:56 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-10-13 23:55 . 2010-08-31 13:27 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-10-13 23:50 . 2010-08-31 15:46 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-10-13 23:50 . 2010-08-31 15:46 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-10-13 23:49 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2010-10-13 23:49 . 2010-08-20 16:05 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-13 23:49 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-10-12 21:27 . 2010-10-12 21:27 -------- d-----w- c:\program files\Common Files\Adobe
2010-10-12 15:37 . 2010-09-09 22:52 6084944 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C8A7157C-DCBB-47A8-ACB2-F8115EF10425}\mpengine.dll
2010-10-06 02:38 . 2010-10-06 02:39 -------- d-----w- c:\program files\ERUNT
2010-10-05 02:05 . 2010-10-05 02:05 -------- d-----w- c:\programdata\Citrix
2010-09-28 22:40 . 2010-06-22 13:30 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-28 22:18 . 2010-08-26 04:23 13312 ----a-w- c:\program files\Internet Explorer\iecompat.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-30 18:29 . 2009-02-10 00:14 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-02-06 01:14 2871608 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-02-06 01:14 2871608 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-02-06 01:14 2871608 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-24 159744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-04-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-04-22 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-04-22 133656]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-20 30192]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]
"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2008-01-08 864256]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2008-01-02 405504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\users\- J.B. -\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-24 1295656]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
C-Pen 20.lnk - c:\windows\Installer\{E4CEE700-1875-4214-9CBE-6058F5CF400E}\_FDCC84357FB9_4591_9BEA_C051AC901091.exe [2009-2-10 45056]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-1-30 50688]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-24 1295656]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [x]
R2 MOBCleanup;MOBCleanup;c:\users\TEMP\AppData\Local\Temp\MOBCleanup.exe [x]
R3 CPen20;C-Pen 20;c:\windows\system32\Drivers\CPen20.sys [2008-05-14 14382]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-20 30192]
R3 pendfu;PenDfu (pendfu.sys);c:\windows\system32\Drivers\pendfu.sys [2008-05-14 32376]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys [2010-02-06 54776]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2008-01-02 73728]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-09-24 155648]
S2 MOBKbackup;McAfee Online Backup;c:\program files\McAfee Online Backup\MOBKbackup.exe [2010-02-06 229688]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-05-21 179712]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-10-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-10-14 16:22]

2010-10-14 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-10-14 16:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/p/1.html
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: internet
Trusted Zone: mcafee.com
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe
AddRemove-MSC - c:\program files\McAfee\MSC\mcuninst.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,33,f9,44,03,b9,9f,9d,4f,a2,a4,bd,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,33,f9,44,03,b9,9f,9d,4f,a2,a4,bd,\

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5428)
c:\program files\McAfee Online Backup\MOBKshell.dll
.
Completion time: 2010-10-15 14:01:56
ComboFix-quarantined-files.txt 2010-10-15 18:01
ComboFix2.txt 2010-10-13 17:09

Pre-Run: 174,952,333,312 bytes free
Post-Run: 175,045,476,352 bytes free

- - End Of File - - 4E87D7C32E2AF27B7174E73524CD538D


Thank for your time!

Blade81
2010-10-15, 22:11
Hi,

Are there still issues left?

jinxpr00f
2010-10-16, 01:53
I think things are okay now. I updated Spybot and ran a scan - the results turned up DoubleClick & Web Trends Live browser entries, but Spybot says it fixed that. The browser redirects seem to be gone & the Fraud Defense Center malware hasn't shown up in a Spybot scan for a couple days.

Would you have any idea why all the files in my Documents folder keep getting moved? (I think what I'm trying to ask is why my main Documents folder (pics, videos, etc.) are no longer in that location & I have to go to OS (C:) > Users > J.B. to find them.) That was the main reason I contacted a technician @ McAfee to begin with - following an update everything was gone I freaked out thinking it had all been erased.

A couple additional questions for you...

Can you recomend any additional programs (preferrably free) that might be of use to me with regard to malware protection? I know you said you werern't that familiar with McAfee, but do you know if your ecommendations would work with McAfee?

Looking over my latest logs, do you see any unnecessary programs/bloatware/etc? I know that Citrix program was installed when I contacted McAfee for live help prior to coming here for assistance. If possible, I'd like to get rid of that and any other random things lurking in my laptop.

Any advice/comments/etc. you might have would be greatly appreciated!

Blade81
2010-10-16, 11:35
Hi,

Let's uninstall ComboFix at this point:

Click START then RUN
Now copy-paste Combofix /uninstall in the runbox and click OK




Would you have any idea why all the files in my Documents folder keep getting moved?
Let's have a little look into the registry.

Download & extract this file to it's own folder - Registry Search (http://www.xs4all.nl/~fstaal01/downloads/regsearch.zip)

Launch Registry Search
In the search box, enter (on separate lines)

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders


Under Search, make sure only the Value box is checked in the first row of checkboxes. All other checkboxes should be checked.

& click Ok.
Notepad will open with some text in it (the file will also be saved in the program's folder as well).
Post this text in your next reply.



I know that Citrix program was installed when I contacted McAfee for live help prior to coming here for assistance. If possible, I'd like to get rid of that and any other random things lurking in my laptop.
Delete c:\programdata\Citrix folder.

jinxpr00f
2010-10-16, 20:56
Hi, the results from the registry search are listed below. I'm also noticing my computer is running really slow - like switching from my Documents folder to my Pictures folder is taking up to 30+ seconds to open (& I don't really have that much stuff saved in there.) Webpages still load slower than normal, but not as long as when I first came to you for assistance.

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.6.0

; Results at 10/16/2010 1:49:46 PM for strings:
; 'hkey_current_user\software\microsoft\windows\currentversion\explorer\shell folders
hkey_current_user\software\microsoft\windows\currentversion\explorer\shell folders
'
; 'hkey_current_user\software\microsoft\windows\currentversion\explorer\user shell folders

'
; Strings excluded from search:
; (None)
; Search in:
; Registry Values
; HKEY_LOCAL_MACHINE HKEY_USERS


; End Of The Log...


Thanks for your time!

Blade81
2010-10-16, 21:29
Hi,

I expected to see a bit different results from that registry search. Let's have another attempt.

Open notepad and then copy and paste the bolded lines below into it. Go to File > save as and name the file fixes.bat, change the Save as type to all files and save it to your desktop.
@ECHO OFF
SWREG QUERY "hkey_current_user\software\microsoft\windows\currentversion\explorer\shell folders" /s >Logit.txt
SWREG QUERY "hkey_current_user\software\microsoft\windows\currentversion\explorer\shell folders" /s >>Logit.txt
START Log.txt
DEL %0

Double-click on fixes.bat file to execute it. Notepad should open up. Post back its contents, please.

jinxpr00f
2010-10-20, 10:33
Hi,

I just wanted to touch base with you & let you know that my apartment was burglarized the other night & the thief got away with several items including my laptop. I've spent the last day or so contacting my bank, credit card companies, websites where I occasionally shop, etc. to let them know my accounts were most likely comprimised. Anyway, I just wanted to say thanks for working to resolve my computer's problems. Hopefully, I'll be getting a new computer shortly (running Windows 7) & things might run a bit more efficiently. I am still interested in any malware protection applications I could use in addition to Spybot, & any advice you might have. If you get a minute or two to spare, I'd appreciate some tips.

Thanks again for you generous asisstance! http://smilies.newcastlebeats.com/smilies/peeps.gif

JB

Blade81
2010-10-20, 19:49
my apartment was burglarized the other night & the thief got away with several items including my laptop
Sorry to hear about this :sad:


I am still interested in any malware protection applications I could use in addition to Spybot, & any advice you might have. If you get a minute or two to spare, I'd appreciate some tips.
Good free antivirus programs are:
Antivir (http://free-av.com/en/download/1/download_avira_antivir_personal__free_antivirus.html)
Avast! (http://www.avast.com/eng/download-avast-home.html) and
AVG Free Antivirus (http://free.grisoft.com/ww.download-avg-anti-virus-free-edition)

Good commercial ones are from:
Kaspersky (http://www.kaspersky.com/homeuser) and
ESET (http://www.eset.com/products/index.php)

For antispyware protection among Spybot I recommend Malwarebytes' Anti-Malware (http://malwarebytes.org/).

Blade81
2010-10-27, 08:11
Due to inactivity, this thread will now be closed.

Note:If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.

If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.