Internet explorer running in background

tanwilliams

New member
Hiya, I hope I am posting in the right place.

I recently managed to get a virus which deleted my virus protection (McAfee), deleted my icons and seemed to do something with the hard drive. I did a system restore and things seemed to go back to normal (all my icons were back, McAfee was back). However, now my computer is running really slowly, and when I load Task Manager, Internet Explorer is running, using up a huge amount of power. This happens even when I'm not using IE.

Thank you in advance!

I couldn't run the ERUNT?? because it just said the network was blocked?
I have done the DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_23
Run by Tanith at 14:32:06 on 2011-11-23
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4061.2023 [GMT 0:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\ProgramData\Macrovision\FLEXnet Connect\11\ISUSPM.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Users\Tanith\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Dell Support Center\imstrayicon.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\McAfee\VirusScan\mcods.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111107112340.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\11\ISUSPM.exe" -scheduler
uRun: [Google Update] "C:\Users\Tanith\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Facebook Update] "C:\Users\Tanith\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OUFWRlJFRS1WWllGOC1DSzdRRy05VUJVUi03U1VMUy00NEtSMi1GS1NV"&"inst=NzctNjA4OTQ2NTIxLVhPMTArMTItTElDKzIyLUZMMTArMS1TUDEr
MS1TUDFUQisxLVNVRCsxLVMxSSsxLVNVMysxLVRVRyszLUREVCsxNTEyNy1ERDEwRisxLVNUMTBGQVBQKzEtRjEwTTEyRE4rMS1UQisxLVUxMCsx
"&"prod=90"&"ver=10.0.1410
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
StartupFolder: C:\Users\Tanith\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\BBCIPL~1.LNK - C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
StartupFolder: C:\Users\Tanith\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\Users\Tanith\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Tanith\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} - hxxp://support.euro.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{77FCBF1A-3BE4-4D96-9544-182ABCE6C2FA} : DhcpNameServer = 10.0.0.1 10.0.0.2 10.0.0.5
TCP: Interfaces\{FE5FE923-5BD9-4991-876A-D95E1D582F7E} : DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{FE5FE923-5BD9-4991-876A-D95E1D582F7E}\37C61646562627F6F6B6 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{FE5FE923-5BD9-4991-876A-D95E1D582F7E}\57E62656C69656671626C65602A6566666021212121212121212121212 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{FE5FE923-5BD9-4991-876A-D95E1D582F7E}\6796379647F627E65647 : DhcpNameServer = 172.19.0.67 172.19.0.73
TCP: Interfaces\{FE5FE923-5BD9-4991-876A-D95E1D582F7E}\C496675626F687D224232383 : DhcpNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111107112340.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce-x64: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OUFWRlJFRS1WWllGOC1DSzdRRy05VUJVUi03U1VMUy00NEtSMi1GS1NV"&"inst=NzctNjA4OTQ2NTIxLVhPMTArMTItTElDKzIyLUZMMTArMS1TUDErMS
1TUDFUQisxLVNVRCsxLVMxSSsxLVNVMysxLVRVRyszLUREVCsxNTEyNy1ERDEwRisxLVNUMTBGQVBQKzEtRjEwTTEyRE4rMS1UQisxLVUxMCsx"&"prod=90"&"
ver=10.0.1410
mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Tanith\AppData\Roaming\Mozilla\Firefox\Profiles\987vu9s4.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Tanith\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 MOBKFilter;MOBKFilter;C:\Windows\system32\DRIVERS\MOBK.sys --> C:\Windows\system32\DRIVERS\MOBK.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2010-9-23 2152152]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-11-6 249936]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-11-6 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-11-6 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-11-6 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-11-6 199008]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-11-6 208272]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 MOBKbackup;McAfee Online Backup;C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-4-13 231224]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-11-2 705856]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2010-9-23 17152]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
R3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw5v64.sys --> C:\Windows\system32\DRIVERS\NETw5v64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-11-23 1153368]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-11-23 13:52:31 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-11-23 13:52:31 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-11-23 13:12:54 -------- d-----w- C:\Users\Tanith\AppData\Local\{DBC01FED-2B40-4434-8CD6-2859D48F023A}
2011-11-23 13:12:37 -------- d-----w- C:\Users\Tanith\AppData\Local\{BFB2635E-0D37-473C-BB6E-27DFADF3F620}
2011-11-19 22:28:48 -------- d-----w- C:\Users\Tanith\AppData\Local\{9FB1F30F-7A5A-4D2C-A386-4912FBB42F23}
2011-11-19 22:28:09 -------- d-----w- C:\Users\Tanith\AppData\Local\{EA4D5175-B904-4FE7-8B0C-23BA09B63561}
2011-11-19 22:25:07 -------- d-----w- C:\Users\Tanith\AppData\Local\{0912ADC1-D1CE-4633-9B51-A2EDF9942229}
2011-11-19 03:01:03 -------- d-----w- C:\Users\Tanith\AppData\Local\{AD2503F0-DDFB-48B8-AB85-63465EB4677D}
2011-11-18 14:47:34 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-18 14:47:33 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-18 14:47:31 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-11-18 14:47:24 3144704 ----a-w- C:\Windows\System32\win32k.sys
2011-11-18 14:39:20 -------- d-----w- C:\Users\Tanith\AppData\Local\{B1A15B3F-0440-4B11-899F-FDE3DE89D843}
2011-11-18 14:38:43 -------- d-----w- C:\Users\Tanith\AppData\Local\{2EC0F061-FA0F-4BFC-A16A-0D4107531793}
2011-11-18 13:41:06 -------- d-----w- C:\ProgramData\PrevxCSI
2011-11-18 12:44:11 -------- d-----w- C:\Users\Tanith\AppData\Local\{E2D4F302-19D0-45A8-B879-3629C3D81305}
2011-11-18 12:43:45 -------- d-----w- C:\Users\Tanith\AppData\Local\{5E071281-44EA-4ACF-B793-F40BFA46ADE6}
2011-11-17 10:30:39 -------- d-----w- C:\Users\Tanith\AppData\Roaming\Malwarebytes
2011-11-17 10:30:26 -------- d-----w- C:\ProgramData\Malwarebytes
2011-11-17 10:30:20 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-11-17 09:56:51 -------- d-----w- C:\Users\Tanith\AppData\Local\{BE910464-35AD-4C81-AA60-E7AA1567B35B}
2011-11-17 09:56:28 -------- d-----w- C:\Users\Tanith\AppData\Local\{5D284CA4-BC4F-4B71-8D92-A02586BC5D23}
2011-11-16 11:57:14 -------- d-----w- C:\Users\Tanith\AppData\Local\{33D92708-4B97-41C9-BB64-2D245C70F244}
2011-11-16 11:56:37 -------- d-----w- C:\Users\Tanith\AppData\Local\{F07597DF-4592-444C-931C-D1676DA74ACA}
2011-11-15 03:23:54 -------- d-----w- C:\Users\Tanith\AppData\Local\{0D0009C4-D6CA-4FCC-8B75-AD2DAF50672C}
2011-11-15 03:23:34 -------- d-----w- C:\Users\Tanith\AppData\Local\{4EECE56F-7387-47F0-B1A8-59D5E507AF17}
2011-11-14 12:02:58 -------- d-----w- C:\Users\Tanith\AppData\Local\{1A45BFC3-91E0-414E-9222-67F3857626A4}
2011-11-14 12:02:42 -------- d-----w- C:\Users\Tanith\AppData\Local\{A740FED3-4B25-4A6A-9BFE-83A8C3EA5298}
2011-11-14 11:43:33 -------- d-----w- C:\Users\Tanith\AppData\Local\{DFE21E41-4E81-4AFC-A908-D23D463C1913}
2011-11-12 17:38:06 -------- d-----w- C:\Users\Tanith\AppData\Local\{18D19A18-62FB-43E0-ADE7-A62AE91856A7}
2011-11-12 12:21:24 -------- d-----w- C:\Users\Tanith\AppData\Local\{C8CC5C48-D4CC-4F8D-ADCF-6CF3497E93B3}
2011-11-12 12:20:59 -------- d-----w- C:\Users\Tanith\AppData\Local\{C23CAE0B-87B2-4F61-A328-A1F7D9A6ACF8}
2011-11-11 10:46:02 -------- d-----w- C:\Users\Tanith\AppData\Local\{97C8D1E7-B66C-4F82-814C-3C6F94CE3B98}
2011-11-10 11:23:21 -------- d-----w- C:\Users\Tanith\AppData\Local\{9277D914-3828-4853-9F08-3CA675557268}
2011-11-10 11:22:56 -------- d-----w- C:\Users\Tanith\AppData\Local\{9AEF334F-92E4-414C-A89D-5E01375BC65D}
2011-11-09 23:18:59 -------- d-----w- C:\Users\Tanith\AppData\Local\{A4DD0C41-8E81-4F47-8628-120373E35463}
2011-11-09 11:17:52 -------- d-----w- C:\Users\Tanith\AppData\Local\{63393B40-84DF-4F24-A206-BB5B7F02669F}
2011-11-08 11:22:25 -------- d-----w- C:\Users\Tanith\AppData\Local\{8B5E1CDC-AE87-4C74-B813-3FCA799FE02B}
2011-11-08 11:21:47 -------- d-----w- C:\Users\Tanith\AppData\Local\{2B1B5D26-A8E0-4DD7-98C5-048FF22B47AD}
2011-11-07 11:23:12 283744 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2011-11-07 11:22:06 -------- d-----w- C:\Users\Tanith\AppData\Local\{1F7F710F-DCDF-45E7-972D-E98904248B13}
2011-11-07 11:21:53 -------- d-----w- C:\Users\Tanith\AppData\Local\{839D1A7D-C6DC-42FB-A45C-D16A886691DB}
2011-11-06 18:02:46 -------- d-----w- C:\Program Files (x86)\McAfeeMOBK
2011-11-06 18:02:39 66040 ----a-w- C:\Windows\System32\drivers\MOBK.sys
2011-11-06 18:02:38 -------- d-----w- C:\Program Files (x86)\McAfee Online Backup
2011-11-06 18:02:06 -------- d-----w- C:\Program Files (x86)\McAfee.com
2011-11-06 18:01:52 28504 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ScriptFF.dll
2011-11-06 18:01:47 9984 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2011-11-06 18:01:04 75672 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys
2011-11-06 18:01:04 65128 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2011-11-06 18:01:04 481504 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2011-11-06 18:01:04 228752 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2011-11-06 18:01:04 100904 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
2011-11-06 18:00:54 -------- d-----w- C:\Program Files\McAfee.com
2011-11-06 18:00:54 -------- d-----w- C:\Program Files\Common Files\McAfee
2011-11-06 18:00:53 -------- d-----w- C:\Program Files\McAfee
2011-11-06 17:36:25 -------- d-----w- C:\Program Files\iTunes
2011-11-06 17:36:25 -------- d-----w- C:\Program Files\iPod
2011-11-06 17:32:54 -------- d-----w- C:\Program Files\Bonjour
2011-11-06 17:32:54 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-11-06 17:32:34 158832 ----a-w- C:\Windows\System32\mfevtps.exe
2011-11-06 17:31:13 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2011-11-06 17:31:13 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2011-11-06 17:31:13 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-11-06 17:31:11 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2011-11-06 17:30:43 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2011-11-06 17:30:43 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-11-06 17:30:43 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-11-06 17:30:43 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-11-06 17:18:32 -------- d-----w- C:\Users\Tanith\AppData\Local\{73F0A4AB-86E8-40BA-BA09-09810BE12428}
2011-11-06 17:17:25 -------- d-----w- C:\Users\Tanith\AppData\Local\{8E1B952E-A161-4BBF-B090-0A4D2397E657}
2011-11-02 14:36:45 -------- d-----w- C:\Users\Tanith\AppData\Local\{D9BB5074-4F05-439F-A9E6-9D2D62932828}
.
==================== Find3M ====================
.
2011-11-06 18:21:52 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-24 14:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-10-24 14:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2011-09-01 05:24:07 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-09-01 05:12:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-09-01 02:35:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-08-30 23:05:32 96104 ----a-w- C:\Windows\System32\dns-sd.exe
2011-08-30 23:05:32 85864 ----a-w- C:\Windows\System32\dnssd.dll
2011-08-30 23:05:32 61288 ----a-w- C:\Windows\System32\jdns_sd.dll
2011-08-30 23:05:32 212840 ----a-w- C:\Windows\System32\dnssdX.dll
2011-08-30 23:05:04 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-08-30 23:05:04 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-08-30 23:05:04 50536 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
2011-08-30 23:05:04 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll
.
============= FINISH: 14:41:09.39 ===============
 
Hi,

Download aswMBR to your desktop. Double-click aswMBR.exe to run it.
Click the Scan button to start the scan.

On completion of the scan click save log, save it to your desktop and post in your next reply.
 
Hi


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

  1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    Remember to re-enable them afterwards.

  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
 
Here is my DDS, and I will attach the ComboFix and attach.txt:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_23
Run by Tanith at 0:33:31 on 2011-11-24
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4061.2062 [GMT 0:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\rundll32.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\vds.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\ProgramData\Macrovision\FLEXnet Connect\11\ISUSPM.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Users\Tanith\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111107112340.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\11\ISUSPM.exe" -scheduler
uRun: [Facebook Update] "C:\Users\Tanith\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OUFWRlJFRS1WWllGOC1DSzdRRy05VUJVUi03U1VMUy00NEtSMi1GS1NV"&"inst=NzctNjA4OTQ2NTIxLVhPMTArMTItTElDKzIyLUZMMTArMS1TUDErMS1TUDFUQisxLVNVRCsxLVMxSSsxLVNVMysxLVRVRyszLUREVCsxNTEyNy1ERDEwRisxLVNUMTBGQVBQKzEtRjEwTTEyRE4rMS1UQisxLVUxMCsx"&"prod=90"&"ver=10.0.1410
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
StartupFolder: C:\Users\Tanith\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\BBCIPL~1.LNK - C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
StartupFolder: C:\Users\Tanith\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\Users\Tanith\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Tanith\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} - hxxp://support.euro.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{77FCBF1A-3BE4-4D96-9544-182ABCE6C2FA} : DhcpNameServer = 10.0.0.1 10.0.0.2 10.0.0.5
TCP: Interfaces\{FE5FE923-5BD9-4991-876A-D95E1D582F7E} : DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{FE5FE923-5BD9-4991-876A-D95E1D582F7E}\37C61646562627F6F6B6 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{FE5FE923-5BD9-4991-876A-D95E1D582F7E}\57E62656C69656671626C65602A6566666021212121212121212121212 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{FE5FE923-5BD9-4991-876A-D95E1D582F7E}\6796379647F627E65647 : DhcpNameServer = 172.19.0.67 172.19.0.73
TCP: Interfaces\{FE5FE923-5BD9-4991-876A-D95E1D582F7E}\C496675626F687D224232383 : DhcpNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111107112340.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce-x64: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OUFWRlJFRS1WWllGOC1DSzdRRy05VUJVUi03U1VMUy00NEtSMi1GS1NV"&"inst=NzctNjA4OTQ2NTIxLVhPMTArMTItTElDKzIyLUZMMTArMS1TUDErMS1TUDFUQisxLVNVRCsxLVMxSSsxLVNVMysxLVRVRyszLUREVCsxNTEyNy1ERDEwRisxLVNUMTBGQVBQKzEtRjEwTTEyRE4rMS1UQisxLVUxMCsx"&"prod=90"&"ver=10.0.1410
mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Tanith\AppData\Roaming\Mozilla\Firefox\Profiles\987vu9s4.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 MOBKFilter;MOBKFilter;C:\Windows\system32\DRIVERS\MOBK.sys --> C:\Windows\system32\DRIVERS\MOBK.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2010-9-23 2152152]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-11-6 249936]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-11-6 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-11-6 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-11-6 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-11-6 199008]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-11-6 208272]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 MOBKbackup;McAfee Online Backup;C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-4-13 231224]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-11-23 1153368]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-11-2 705856]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2010-9-23 17152]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw5v64.sys --> C:\Windows\system32\DRIVERS\NETw5v64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-11-24 00:00:48 -------- d-----w- C:\$RECYCLE.BIN
2011-11-23 23:08:09 98816 ----a-w- C:\Windows\sed.exe
2011-11-23 23:08:09 518144 ----a-w- C:\Windows\SWREG.exe
2011-11-23 23:08:09 256000 ----a-w- C:\Windows\PEV.exe
2011-11-23 23:08:09 208896 ----a-w- C:\Windows\MBR.exe
2011-11-23 23:06:58 -------- d-----w- C:\ComboFix
2011-11-23 13:52:31 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-11-23 13:52:31 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-11-23 13:12:54 -------- d-----w- C:\Users\Tanith\AppData\Local\{DBC01FED-2B40-4434-8CD6-2859D48F023A}
2011-11-23 13:12:37 -------- d-----w- C:\Users\Tanith\AppData\Local\{BFB2635E-0D37-473C-BB6E-27DFADF3F620}
2011-11-19 22:28:48 -------- d-----w- C:\Users\Tanith\AppData\Local\{9FB1F30F-7A5A-4D2C-A386-4912FBB42F23}
2011-11-19 22:28:09 -------- d-----w- C:\Users\Tanith\AppData\Local\{EA4D5175-B904-4FE7-8B0C-23BA09B63561}
2011-11-19 22:25:07 -------- d-----w- C:\Users\Tanith\AppData\Local\{0912ADC1-D1CE-4633-9B51-A2EDF9942229}
2011-11-19 03:01:03 -------- d-----w- C:\Users\Tanith\AppData\Local\{AD2503F0-DDFB-48B8-AB85-63465EB4677D}
2011-11-18 14:47:34 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-18 14:47:33 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-18 14:47:31 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-11-18 14:47:24 3144704 ----a-w- C:\Windows\System32\win32k.sys
2011-11-18 14:39:20 -------- d-----w- C:\Users\Tanith\AppData\Local\{B1A15B3F-0440-4B11-899F-FDE3DE89D843}
2011-11-18 14:38:43 -------- d-----w- C:\Users\Tanith\AppData\Local\{2EC0F061-FA0F-4BFC-A16A-0D4107531793}
2011-11-18 13:41:06 -------- d-----w- C:\ProgramData\PrevxCSI
2011-11-18 12:44:11 -------- d-----w- C:\Users\Tanith\AppData\Local\{E2D4F302-19D0-45A8-B879-3629C3D81305}
2011-11-18 12:43:45 -------- d-----w- C:\Users\Tanith\AppData\Local\{5E071281-44EA-4ACF-B793-F40BFA46ADE6}
2011-11-17 10:30:39 -------- d-----w- C:\Users\Tanith\AppData\Roaming\Malwarebytes
2011-11-17 10:30:26 -------- d-----w- C:\ProgramData\Malwarebytes
2011-11-17 10:30:20 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-11-17 09:56:51 -------- d-----w- C:\Users\Tanith\AppData\Local\{BE910464-35AD-4C81-AA60-E7AA1567B35B}
2011-11-17 09:56:28 -------- d-----w- C:\Users\Tanith\AppData\Local\{5D284CA4-BC4F-4B71-8D92-A02586BC5D23}
2011-11-16 11:57:14 -------- d-----w- C:\Users\Tanith\AppData\Local\{33D92708-4B97-41C9-BB64-2D245C70F244}
2011-11-16 11:56:37 -------- d-----w- C:\Users\Tanith\AppData\Local\{F07597DF-4592-444C-931C-D1676DA74ACA}
2011-11-15 03:23:54 -------- d-----w- C:\Users\Tanith\AppData\Local\{0D0009C4-D6CA-4FCC-8B75-AD2DAF50672C}
2011-11-15 03:23:34 -------- d-----w- C:\Users\Tanith\AppData\Local\{4EECE56F-7387-47F0-B1A8-59D5E507AF17}
2011-11-14 12:02:58 -------- d-----w- C:\Users\Tanith\AppData\Local\{1A45BFC3-91E0-414E-9222-67F3857626A4}
2011-11-14 12:02:42 -------- d-----w- C:\Users\Tanith\AppData\Local\{A740FED3-4B25-4A6A-9BFE-83A8C3EA5298}
2011-11-14 11:43:33 -------- d-----w- C:\Users\Tanith\AppData\Local\{DFE21E41-4E81-4AFC-A908-D23D463C1913}
2011-11-12 17:38:06 -------- d-----w- C:\Users\Tanith\AppData\Local\{18D19A18-62FB-43E0-ADE7-A62AE91856A7}
2011-11-12 12:21:24 -------- d-----w- C:\Users\Tanith\AppData\Local\{C8CC5C48-D4CC-4F8D-ADCF-6CF3497E93B3}
2011-11-12 12:20:59 -------- d-----w- C:\Users\Tanith\AppData\Local\{C23CAE0B-87B2-4F61-A328-A1F7D9A6ACF8}
2011-11-11 10:46:02 -------- d-----w- C:\Users\Tanith\AppData\Local\{97C8D1E7-B66C-4F82-814C-3C6F94CE3B98}
2011-11-10 11:23:21 -------- d-----w- C:\Users\Tanith\AppData\Local\{9277D914-3828-4853-9F08-3CA675557268}
2011-11-10 11:22:56 -------- d-----w- C:\Users\Tanith\AppData\Local\{9AEF334F-92E4-414C-A89D-5E01375BC65D}
2011-11-09 23:18:59 -------- d-----w- C:\Users\Tanith\AppData\Local\{A4DD0C41-8E81-4F47-8628-120373E35463}
2011-11-09 11:17:52 -------- d-----w- C:\Users\Tanith\AppData\Local\{63393B40-84DF-4F24-A206-BB5B7F02669F}
2011-11-08 11:22:25 -------- d-----w- C:\Users\Tanith\AppData\Local\{8B5E1CDC-AE87-4C74-B813-3FCA799FE02B}
2011-11-08 11:21:47 -------- d-----w- C:\Users\Tanith\AppData\Local\{2B1B5D26-A8E0-4DD7-98C5-048FF22B47AD}
2011-11-07 11:23:12 283744 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2011-11-07 11:22:06 -------- d-----w- C:\Users\Tanith\AppData\Local\{1F7F710F-DCDF-45E7-972D-E98904248B13}
2011-11-07 11:21:53 -------- d-----w- C:\Users\Tanith\AppData\Local\{839D1A7D-C6DC-42FB-A45C-D16A886691DB}
2011-11-06 18:02:46 -------- d-----w- C:\Program Files (x86)\McAfeeMOBK
2011-11-06 18:02:39 66040 ----a-w- C:\Windows\System32\drivers\MOBK.sys
2011-11-06 18:02:38 -------- d-----w- C:\Program Files (x86)\McAfee Online Backup
2011-11-06 18:02:06 -------- d-----w- C:\Program Files (x86)\McAfee.com
2011-11-06 18:01:52 28504 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ScriptFF.dll
2011-11-06 18:01:47 9984 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2011-11-06 18:01:04 75672 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys
2011-11-06 18:01:04 65128 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2011-11-06 18:01:04 481504 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2011-11-06 18:01:04 228752 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2011-11-06 18:01:04 100904 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
2011-11-06 18:00:54 -------- d-----w- C:\Program Files\McAfee.com
2011-11-06 18:00:54 -------- d-----w- C:\Program Files\Common Files\McAfee
2011-11-06 18:00:53 -------- d-----w- C:\Program Files\McAfee
2011-11-06 17:36:25 -------- d-----w- C:\Program Files\iTunes
2011-11-06 17:36:25 -------- d-----w- C:\Program Files\iPod
2011-11-06 17:32:54 -------- d-----w- C:\Program Files\Bonjour
2011-11-06 17:32:54 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-11-06 17:32:34 158832 ----a-w- C:\Windows\System32\mfevtps.exe
2011-11-06 17:31:13 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2011-11-06 17:31:13 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2011-11-06 17:31:13 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-11-06 17:31:11 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2011-11-06 17:30:43 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2011-11-06 17:30:43 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-11-06 17:30:43 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-11-06 17:30:43 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-11-06 17:18:32 -------- d-----w- C:\Users\Tanith\AppData\Local\{73F0A4AB-86E8-40BA-BA09-09810BE12428}
2011-11-06 17:17:25 -------- d-----w- C:\Users\Tanith\AppData\Local\{8E1B952E-A161-4BBF-B090-0A4D2397E657}
2011-11-02 14:36:45 -------- d-----w- C:\Users\Tanith\AppData\Local\{D9BB5074-4F05-439F-A9E6-9D2D62932828}
.
==================== Find3M ====================
.
2011-11-06 18:21:52 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-24 14:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-10-24 14:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2011-09-01 05:24:07 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-09-01 05:12:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-09-01 02:35:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-08-30 23:05:32 96104 ----a-w- C:\Windows\System32\dns-sd.exe
2011-08-30 23:05:32 85864 ----a-w- C:\Windows\System32\dnssd.dll
2011-08-30 23:05:32 61288 ----a-w- C:\Windows\System32\jdns_sd.dll
2011-08-30 23:05:32 212840 ----a-w- C:\Windows\System32\dnssdX.dll
2011-08-30 23:05:04 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-08-30 23:05:04 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-08-30 23:05:04 50536 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
2011-08-30 23:05:04 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll
.
============= FINISH: 0:42:39.56 ============
 
Hi,

Download aswMBR to your desktop. Double click the aswMBR.exe to run it.
Click the Scan button to start the scan.

On completion of the scan click save log, save it to your desktop and post in your next reply.
 
Hi,

Not sure if I did that right as it only took about 3 seconds:

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-24 10:49:50
-----------------------------
10:49:50.252 OS Version: Windows x64 6.1.7601 Service Pack 1
10:49:50.252 Number of processors: 2 586 0x170A
10:49:50.253 ComputerName: TANITH-PC UserName: Tanith
10:49:52.202 Initialize success
10:50:22.209 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
10:50:22.211 Disk 0 Vendor: WDC_WD5000BEVT-75ZAT0 01.01A01 Size: 476940MB BusType: 11
10:50:24.219 Disk 0 MBR read successfully
10:50:24.221 Disk 0 MBR scan
10:50:24.223 Disk 0 Windows VISTA default MBR code
10:50:24.226 Disk 0 MBR hidden
10:50:24.229 Service scanning
10:50:29.304 Modules scanning
10:50:29.307 Disk 0 trace - called modules:
10:50:29.340 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8004ca3334]<<
10:50:29.344 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c83410]
10:50:29.347 3 CLASSPNP.SYS[fffff880018a643f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80046de060]
10:50:29.352 \Driver\atapi[0xfffffa800467c450] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8004ca3334
10:50:29.355 Scan finished successfully
10:51:52.703 Disk 0 MBR has been saved successfully to "C:\Users\Tanith\Desktop\MBR.dat"
10:51:52.712 The log file has been saved successfully to "C:\Users\Tanith\Desktop\aswMBR2.txt"
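
The aswMBR log posted above can be read mechanically. The following is an added example, not part of the original thread or of aswMBR itself: it parses that line format, lists disks reported as `MBR hidden` and `>>UNKNOWN [...]<<` markers in the disk trace, and checks whether a driver dispatch entry resolves to one of those unknown addresses. `parse_aswmbr` and `triage` are hypothetical names, and treating these markers as reasons for a follow-up scan is this example's assumption.

```python
import re

# Excerpt of the aswMBR log posted above, shortened for the example.
SAMPLE_LOG = r"""
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-24 10:49:50
10:50:24.219 Disk 0 MBR read successfully
10:50:24.221 Disk 0 MBR scan
10:50:24.223 Disk 0 Windows VISTA default MBR code
10:50:24.226 Disk 0 MBR hidden
10:50:29.307 Disk 0 trace - called modules:
10:50:29.340 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8004ca3334]<<
10:50:29.344 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c83410]
10:50:29.352 \Driver\atapi[0xfffffa800467c450] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8004ca3334
10:50:29.355 Scan finished successfully
"""

# Constructed counter-example in the same line format: nothing hidden, nothing unknown.
CLEAN_LOG = r"""
10:00:00.000 Disk 0 MBR read successfully
10:00:00.010 Disk 0 Windows VISTA default MBR code
10:00:01.000 Disk 0 trace - called modules:
10:00:01.010 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS atapi.sys
10:00:01.020 Scan finished successfully
"""

TIMESTAMPED = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+(.*)$")
MBR_CODE = re.compile(r"^Disk (\d+) (.+) MBR code$")
MBR_HIDDEN = re.compile(r"^Disk (\d+) MBR hidden$")
UNKNOWN = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
DISPATCH = re.compile(
    r"^\\Driver\\(\S+?)\[0x[0-9a-fA-F]+\] -> (IRP_MJ_\w+) -> (0x[0-9a-fA-F]+)$"
)


def parse_aswmbr(text):
    """Extract MBR status, unknown trace modules and dispatch targets."""
    report = {
        "mbr_code": {},      # disk number -> MBR code description
        "hidden_disks": [],  # disks with an "MBR hidden" line
        "unknown": [],       # (address, modules listed before the marker)
        "dispatch": [],      # (driver, IRP major function, handler address)
        "finished": False,
    }
    for raw in text.splitlines():
        line = TIMESTAMPED.match(raw.strip())
        if not line:
            continue  # banner and separator lines carry no timestamp
        msg = line.group(1)
        code = MBR_CODE.match(msg)
        hidden = MBR_HIDDEN.match(msg)
        unknown = UNKNOWN.search(msg)
        dispatch = DISPATCH.match(msg)
        if code:
            report["mbr_code"][int(code.group(1))] = code.group(2)
        elif hidden:
            report["hidden_disks"].append(int(hidden.group(1)))
        elif unknown:
            modules = msg[: unknown.start()].split()
            report["unknown"].append((unknown.group(1), modules))
        elif dispatch:
            report["dispatch"].append(dispatch.groups())
        elif msg == "Scan finished successfully":
            report["finished"] = True
    return report


def triage(report):
    """Return human-readable findings; an empty list means nothing flagged."""
    findings = []
    for disk in report["hidden_disks"]:
        findings.append(f"disk {disk}: MBR reported as hidden")
    unknown_addrs = set()
    for addr, modules in report["unknown"]:
        unknown_addrs.add(addr.lower())
        after = modules[-1] if modules else "start of trace"
        findings.append(f"disk trace: unknown module at {addr} after {after}")
    # A dispatch entry that resolves to an unknown address ties the
    # unidentified code to a specific driver and request type.
    for driver, irp, target in report["dispatch"]:
        if target.lower() in unknown_addrs:
            findings.append(f"{driver}: {irp} handler points at unknown {target}")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_aswmbr(SAMPLE_LOG)):
        print(finding)
```
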
 
Hi


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.

  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
 
I have already done combo fix, as seen earlier? You would like me to do it again?

Sorry if I'm being silly.. Just wanted to check.
 
Sorry if I'm being silly.. Just wanted to check.
No. It's me being silly. Totally forgot we ran ComboFix already :oops:


1. Download TDSSKiller and extract its contents into a folder in desired location (i.e. c:\tdsskiller).
2. Execute the file TDSSKiller.exe.
3. Click Start Scan. If threats are found, select skip and click Continue (tool may prompt for a reboot).
4. Post back contents of log file in c: drive root (name should be in UtilityName.Version_Date_Time_log.txt format)
 
Hi,

Go to Start > type or copy/paste the following in the search program and files textbox, then press Enter

diskmgmt.msc

Capture and attach a screenshot of what you see there.

---

Please download MBRCheck.exe to your desktop.

Be sure to disable your security programs
Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
A window will open on your desktop
If an unknown bootcode is found you will have further options available to you; at this time press N then press Enter twice.
If nothing unusual is found just press Enter
A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
Please post the contents of that file.
 
Hi again,


Uninstall your current Adobe Shockwave Player and get the fresh one here if needed.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 7 Update 1.
  • Click the Download button to the right.
  • Select Windows on platform combobox and check the box that says: Accept License Agreement. Click continue.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u1-windows-i586.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.


* Go here to run an online scanner from ESET.
  • Note: You will need to use Internet explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is UNchecked and the option Scan unwanted applications is checkmarked.
  • Click Scan
  • Wait for the scan to finish.


Post back its report & a fresh dds.txt log. Are there still issues left?
 
Hiya, all updated now I think.
I did the scan and it found three threats:

C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\RealArcade\Installer\bin\OCSetupHlp.dll Win32/OpenCandy application

Should I run the scan again this time deleting them?

DDS log:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Tanith at 23:35:12 on 2011-11-24
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4061.2351 [GMT 0:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\ProgramData\Macrovision\FLEXnet Connect\11\ISUSPM.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Users\Tanith\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
c:\PROGRA~1\mcafee\msc\mcupdmgr.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111107112340.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\11\ISUSPM.exe" -scheduler
uRun: [Facebook Update] "C:\Users\Tanith\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OUFWRlJFRS1WWllGOC1DSzdRRy05VUJVUi03U1VMUy00NEtSMi1GS1NV"&"inst=NzctNjA4OTQ2NTIxLVhPMTArMTItTElDKzIyLUZMMTArMS1TUDErMS1TUDFUQisxLVNVRCsxLVMxSSsxLVNVMysxLVRVRyszLUREVCsxNTEyNy1ERDEwRisxLVNUMTBGQVBQKzEtRjEwTTEyRE4rMS1UQisxLVUxMCsx"&"prod=90"&"ver=10.0.1410
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
StartupFolder: C:\Users\Tanith\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\BBCIPL~1.LNK - C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
StartupFolder: C:\Users\Tanith\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\Users\Tanith\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Tanith\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} - hxxp://support.euro.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{77FCBF1A-3BE4-4D96-9544-182ABCE6C2FA} : DhcpNameServer = 10.0.0.1 10.0.0.2 10.0.0.5
TCP: Interfaces\{FE5FE923-5BD9-4991-876A-D95E1D582F7E} : DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{FE5FE923-5BD9-4991-876A-D95E1D582F7E}\37C61646562627F6F6B6 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{FE5FE923-5BD9-4991-876A-D95E1D582F7E}\57E62656C69656671626C65602A6566666021212121212121212121212 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{FE5FE923-5BD9-4991-876A-D95E1D582F7E}\6796379647F627E65647 : DhcpNameServer = 172.19.0.67 172.19.0.73
TCP: Interfaces\{FE5FE923-5BD9-4991-876A-D95E1D582F7E}\C496675626F687D224232383 : DhcpNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111107112340.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce-x64: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OUFWRlJFRS1WWllGOC1DSzdRRy05VUJVUi03U1VMUy00NEtSMi1GS1NV"&"inst=NzctNjA4OTQ2NTIxLVhPMTArMTItTElDKzIyLUZMMTArMS1TUDErMS1TUDFUQisxLVNVRCsxLVMxSSsxLVNVMysxLVRVRyszLUREVCsxNTEyNy1ERDEwRisxLVNUMTBGQVBQKzEtRjEwTTEyRE4rMS1UQisxLVUxMCsx"&"prod=90"&"ver=10.0.1410
mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 MOBKFilter;MOBKFilter;C:\Windows\system32\DRIVERS\MOBK.sys --> C:\Windows\system32\DRIVERS\MOBK.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-11-6 249936]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-11-6 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-11-6 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-11-6 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-11-6 199008]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-11-6 208272]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 MOBKbackup;McAfee Online Backup;C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-4-13 231224]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-11-23 1153368]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-11-2 705856]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw5v64.sys --> C:\Windows\system32\DRIVERS\NETw5v64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2010-9-23 2152152]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2011-10-6 25072]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-11-24 22:24:29 -------- d-----w- C:\Program Files (x86)\ESET
2011-11-24 00:00:48 -------- d-----w- C:\$RECYCLE.BIN
2011-11-23 23:08:09 98816 ----a-w- C:\Windows\sed.exe
2011-11-23 23:08:09 518144 ----a-w- C:\Windows\SWREG.exe
2011-11-23 23:08:09 256000 ----a-w- C:\Windows\PEV.exe
2011-11-23 23:08:09 208896 ----a-w- C:\Windows\MBR.exe
2011-11-23 23:06:58 -------- d-----w- C:\ComboFix
2011-11-23 13:52:31 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-11-23 13:52:31 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-11-23 13:12:54 -------- d-----w- C:\Users\Tanith\AppData\Local\{DBC01FED-2B40-4434-8CD6-2859D48F023A}
2011-11-23 13:12:37 -------- d-----w- C:\Users\Tanith\AppData\Local\{BFB2635E-0D37-473C-BB6E-27DFADF3F620}
2011-11-19 22:28:48 -------- d-----w- C:\Users\Tanith\AppData\Local\{9FB1F30F-7A5A-4D2C-A386-4912FBB42F23}
2011-11-19 22:28:09 -------- d-----w- C:\Users\Tanith\AppData\Local\{EA4D5175-B904-4FE7-8B0C-23BA09B63561}
2011-11-19 22:25:07 -------- d-----w- C:\Users\Tanith\AppData\Local\{0912ADC1-D1CE-4633-9B51-A2EDF9942229}
2011-11-19 03:01:03 -------- d-----w- C:\Users\Tanith\AppData\Local\{AD2503F0-DDFB-48B8-AB85-63465EB4677D}
2011-11-18 14:47:34 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-18 14:47:33 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-18 14:47:31 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-11-18 14:47:24 3144704 ----a-w- C:\Windows\System32\win32k.sys
2011-11-18 14:39:20 -------- d-----w- C:\Users\Tanith\AppData\Local\{B1A15B3F-0440-4B11-899F-FDE3DE89D843}
2011-11-18 14:38:43 -------- d-----w- C:\Users\Tanith\AppData\Local\{2EC0F061-FA0F-4BFC-A16A-0D4107531793}
2011-11-18 13:41:06 -------- d-----w- C:\ProgramData\PrevxCSI
2011-11-18 12:44:11 -------- d-----w- C:\Users\Tanith\AppData\Local\{E2D4F302-19D0-45A8-B879-3629C3D81305}
2011-11-18 12:43:45 -------- d-----w- C:\Users\Tanith\AppData\Local\{5E071281-44EA-4ACF-B793-F40BFA46ADE6}
2011-11-17 10:30:39 -------- d-----w- C:\Users\Tanith\AppData\Roaming\Malwarebytes
2011-11-17 10:30:26 -------- d-----w- C:\ProgramData\Malwarebytes
2011-11-17 10:30:20 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-11-17 09:56:51 -------- d-----w- C:\Users\Tanith\AppData\Local\{BE910464-35AD-4C81-AA60-E7AA1567B35B}
2011-11-17 09:56:28 -------- d-----w- C:\Users\Tanith\AppData\Local\{5D284CA4-BC4F-4B71-8D92-A02586BC5D23}
2011-11-16 11:57:14 -------- d-----w- C:\Users\Tanith\AppData\Local\{33D92708-4B97-41C9-BB64-2D245C70F244}
2011-11-16 11:56:37 -------- d-----w- C:\Users\Tanith\AppData\Local\{F07597DF-4592-444C-931C-D1676DA74ACA}
2011-11-15 03:23:54 -------- d-----w- C:\Users\Tanith\AppData\Local\{0D0009C4-D6CA-4FCC-8B75-AD2DAF50672C}
2011-11-15 03:23:34 -------- d-----w- C:\Users\Tanith\AppData\Local\{4EECE56F-7387-47F0-B1A8-59D5E507AF17}
2011-11-14 12:02:58 -------- d-----w- C:\Users\Tanith\AppData\Local\{1A45BFC3-91E0-414E-9222-67F3857626A4}
2011-11-14 12:02:42 -------- d-----w- C:\Users\Tanith\AppData\Local\{A740FED3-4B25-4A6A-9BFE-83A8C3EA5298}
2011-11-14 11:43:33 -------- d-----w- C:\Users\Tanith\AppData\Local\{DFE21E41-4E81-4AFC-A908-D23D463C1913}
2011-11-12 17:38:06 -------- d-----w- C:\Users\Tanith\AppData\Local\{18D19A18-62FB-43E0-ADE7-A62AE91856A7}
2011-11-12 12:21:24 -------- d-----w- C:\Users\Tanith\AppData\Local\{C8CC5C48-D4CC-4F8D-ADCF-6CF3497E93B3}
2011-11-12 12:20:59 -------- d-----w- C:\Users\Tanith\AppData\Local\{C23CAE0B-87B2-4F61-A328-A1F7D9A6ACF8}
2011-11-11 10:46:02 -------- d-----w- C:\Users\Tanith\AppData\Local\{97C8D1E7-B66C-4F82-814C-3C6F94CE3B98}
2011-11-10 11:23:21 -------- d-----w- C:\Users\Tanith\AppData\Local\{9277D914-3828-4853-9F08-3CA675557268}
2011-11-10 11:22:56 -------- d-----w- C:\Users\Tanith\AppData\Local\{9AEF334F-92E4-414C-A89D-5E01375BC65D}
2011-11-09 23:18:59 -------- d-----w- C:\Users\Tanith\AppData\Local\{A4DD0C41-8E81-4F47-8628-120373E35463}
2011-11-09 11:17:52 -------- d-----w- C:\Users\Tanith\AppData\Local\{63393B40-84DF-4F24-A206-BB5B7F02669F}
2011-11-08 11:22:25 -------- d-----w- C:\Users\Tanith\AppData\Local\{8B5E1CDC-AE87-4C74-B813-3FCA799FE02B}
2011-11-08 11:21:47 -------- d-----w- C:\Users\Tanith\AppData\Local\{2B1B5D26-A8E0-4DD7-98C5-048FF22B47AD}
2011-11-07 11:23:12 283744 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2011-11-07 11:22:06 -------- d-----w- C:\Users\Tanith\AppData\Local\{1F7F710F-DCDF-45E7-972D-E98904248B13}
2011-11-07 11:21:53 -------- d-----w- C:\Users\Tanith\AppData\Local\{839D1A7D-C6DC-42FB-A45C-D16A886691DB}
2011-11-06 18:02:46 -------- d-----w- C:\Program Files (x86)\McAfeeMOBK
2011-11-06 18:02:39 66040 ----a-w- C:\Windows\System32\drivers\MOBK.sys
2011-11-06 18:02:38 -------- d-----w- C:\Program Files (x86)\McAfee Online Backup
2011-11-06 18:02:06 -------- d-----w- C:\Program Files (x86)\McAfee.com
2011-11-06 18:01:52 28504 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ScriptFF.dll
2011-11-06 18:01:47 9984 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2011-11-06 18:01:04 75672 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys
2011-11-06 18:01:04 65128 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2011-11-06 18:01:04 481504 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2011-11-06 18:01:04 228752 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2011-11-06 18:01:04 100904 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
2011-11-06 18:00:54 -------- d-----w- C:\Program Files\McAfee.com
2011-11-06 18:00:54 -------- d-----w- C:\Program Files\Common Files\McAfee
2011-11-06 18:00:53 -------- d-----w- C:\Program Files\McAfee
2011-11-06 17:36:25 -------- d-----w- C:\Program Files\iTunes
2011-11-06 17:36:25 -------- d-----w- C:\Program Files\iPod
2011-11-06 17:32:54 -------- d-----w- C:\Program Files\Bonjour
2011-11-06 17:32:54 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-11-06 17:32:34 158832 ----a-w- C:\Windows\System32\mfevtps.exe
2011-11-06 17:31:13 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2011-11-06 17:31:13 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2011-11-06 17:31:13 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-11-06 17:31:11 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2011-11-06 17:30:43 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2011-11-06 17:30:43 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-11-06 17:30:43 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-11-06 17:30:43 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-11-06 17:18:32 -------- d-----w- C:\Users\Tanith\AppData\Local\{73F0A4AB-86E8-40BA-BA09-09810BE12428}
2011-11-06 17:17:25 -------- d-----w- C:\Users\Tanith\AppData\Local\{8E1B952E-A161-4BBF-B090-0A4D2397E657}
2011-11-02 14:36:45 -------- d-----w- C:\Users\Tanith\AppData\Local\{D9BB5074-4F05-439F-A9E6-9D2D62932828}
.
==================== Find3M ====================
.
2011-11-24 22:20:53 544656 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-10-24 14:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-10-24 14:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2011-09-01 05:24:07 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-09-01 05:12:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-09-01 02:35:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-08-30 23:05:32 96104 ----a-w- C:\Windows\System32\dns-sd.exe
2011-08-30 23:05:32 85864 ----a-w- C:\Windows\System32\dnssd.dll
2011-08-30 23:05:32 61288 ----a-w- C:\Windows\System32\jdns_sd.dll
2011-08-30 23:05:32 212840 ----a-w- C:\Windows\System32\dnssdX.dll
2011-08-30 23:05:04 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-08-30 23:05:04 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-08-30 23:05:04 50536 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
2011-08-30 23:05:04 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll
.
============= FINISH: 23:43:40.79 ===============
 
Hi again, my system is still doing the same thing - occasionally redirecting my searches and funny things running in my task manager. I have attached a screenshot of what is going on in task manager with nothing open. IE seems to be using a lot of CPU (sometimes it is even more) and it isn't even open. I'm also worried about the things that have no description or user? Are they normal?

I have also uninstalled chrome and firefox as neither were working (crashing/sending task manager into overload).

Thank you so much for your help so far!
 
Hi,

Please download mbrfix.exe from here.

Scroll down to locate mbrfix.exe and in the lower right corner of the tool info, you'll see the Download link. It's important that you save it directly to the C:\ drive and extract it to that same location.

Double click the mbrfix folder and drag the mbrfix64.exe out of that folder so its location is C:\mbrfix64.exe

Click start->in search box type cmd.exe, right click cmd.exe and select run as administrator.

If all went well you should have a black window with Administrator: Command Prompt title open.

At the prompt, type in the following and press Enter:

cd /d c:\

( Note - there is a space between cd and /d and another space between /d and c:\ )

You should now be at the C:\> prompt.

Type in the following and press Enter:

MbrFix64_/drive_0_savembr_MBRNormalmode

(Note - I've placed underscores where spaces should be. Do not type in the underscore, just hit the space bar. Also, the 0 you see in the command, is the numeral 0.)

Next, type exit and press Enter.

--

Next, restart your computer and tap F8 to bring up the Advanced Menu, then click Repair your computer

Follow the prompt to enter keyboard input method, and then the prompt to enter a password. If the machine does not have a password, simply click Enter.

In the next menu, use the arrow keys on the keyboard to highlight Command Prompt and press Enter.

At the prompt, type in the following and press Enter:

cd /d c:\

( Note - there is a space between cd and /d and another space between /d and c:\ )

You should now be at the C:\> prompt.

Type in the following and press Enter:

MbrFix64_/drive_0_savembr_MBRREmode

(Again, note - I've placed underscores where spaces should be. Do not type in the underscore, just hit the space bar. Also, the 0 you see in the command, is the numeral 0.)

Next, type exit and press Enter and restart the machine.

Navigate to C:\MBRNormalmode file. Right click it to zip it up, and please attach it to your next post. Repeat with C:\MBRREmode file.
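
As an added example (not part of the original post and not MbrFix's own code): once the two files from the steps above exist, a byte-level comparison shows whether the MBR read under the running system matches the one read from the recovery environment. It assumes each saved file is a raw 512-byte sector image; the function names are hypothetical and the sample sectors are constructed.

```python
"""Compare two saved MBR sectors (added example, not the thread's tooling)."""
import hashlib
import struct
import sys

SECTOR = 512
BOOT_CODE = slice(0, 440)      # loader code run at boot
DISK_SIG = slice(440, 444)     # disk signature
TABLE_START = 446              # four 16-byte partition entries follow
BOOT_MAGIC = b"\x55\xaa"       # last two bytes of a valid MBR


def parse_mbr(raw):
    """Split one raw 512-byte MBR dump into its classic fields."""
    if len(raw) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(raw)}")
    partitions = []
    for slot in range(4):
        entry = raw[TABLE_START + 16 * slot: TABLE_START + 16 * (slot + 1)]
        status, ptype = entry[0], entry[4]
        first_lba, count = struct.unpack_from("<II", entry, 8)
        if ptype == 0x00:          # unused slot
            continue
        partitions.append({"slot": slot, "active": status == 0x80,
                           "type": ptype, "first_lba": first_lba,
                           "sectors": count})
    return {
        "magic_ok": raw[510:512] == BOOT_MAGIC,
        "disk_signature": raw[DISK_SIG].hex(),
        "boot_code_sha256": hashlib.sha256(raw[BOOT_CODE]).hexdigest(),
        "partitions": partitions,
    }


def compare_dumps(normal, recovery):
    """Return a list of findings; an empty list means the dumps agree."""
    a, b = parse_mbr(normal), parse_mbr(recovery)
    findings = []
    for label, info in (("normal", a), ("recovery", b)):
        if not info["magic_ok"]:
            findings.append(f"{label}: missing 55 AA boot signature")
        if sum(p["active"] for p in info["partitions"]) > 1:
            findings.append(f"{label}: more than one active partition")
    if a["boot_code_sha256"] != b["boot_code_sha256"]:
        diff = [i for i in range(440) if normal[i] != recovery[i]]
        findings.append(f"boot code differs in {len(diff)} bytes, "
                        f"first at offset 0x{diff[0]:03x}")
    if a["disk_signature"] != b["disk_signature"]:
        findings.append("disk signature differs")
    if a["partitions"] != b["partitions"]:
        findings.append("partition table differs")
    return findings


def build_sample(boot_fill, layout):
    """Build a constructed sector for the demo; not from any real disk."""
    raw = bytearray(SECTOR)
    raw[BOOT_CODE] = bytes([boot_fill]) * 440
    raw[DISK_SIG] = bytes.fromhex("78563412")
    for slot, (status, ptype, first_lba, count) in enumerate(layout):
        # status, 3 CHS bytes, type, 3 CHS bytes, start LBA, sector count
        struct.pack_into("<B3xB3xII", raw, TABLE_START + 16 * slot,
                         status, ptype, first_lba, count)
    raw[510:512] = BOOT_MAGIC
    return bytes(raw)


# Constructed samples: same partition table, 32 boot-code bytes changed.
LAYOUT = [(0x80, 0x07, 2048, 204800), (0x00, 0x07, 206848, 976564224)]
NORMAL = build_sample(0x90, LAYOUT)
_changed = bytearray(NORMAL)
_changed[0x100:0x120] = b"\xeb" * 0x20
RECOVERY = bytes(_changed)


if __name__ == "__main__":
    if len(sys.argv) == 3:     # paths to the two saved files
        with open(sys.argv[1], "rb") as fh:
            normal = fh.read()
        with open(sys.argv[2], "rb") as fh:
            recovery = fh.read()
    else:                      # fall back to the constructed samples
        normal, recovery = NORMAL, RECOVERY
    results = compare_dumps(normal, recovery)
    print("\n".join(results) if results else "dumps are identical")
```

Run it with the two saved files as arguments; with no arguments it compares the constructed samples.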
 
Hi, I've tried to follow your steps, but after clicking repair your computer it says windows is loading files and then never finishes loading!

Don't know what to do next.
 