i think i may have adware

View previous topic View next topic Go down

i think i may have adware

Post by megatails5 on 21st April 2012, 2:20 pm

Recently on firefox all of my links have been replaced with advertisemenets to places i honestly have no clue as to what or where they are. Also, hijackthis refuses to save a log file, so i have instead a RSIT log

Logfile of random's system information tool 1.09 (written by random/random)
Run by Chris at 2012-04-21 15:06:19
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 346 GB (75%) free of 462 GB
Total RAM: 3070 MB (30% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:06:36, on 21/04/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\McAfee\MAT\McPvTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\system32\dfrgui.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Chris\Downloads\RSIT.exe
C:\Program Files\trend micro\Chris.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120302213047.dll
O2 - BHO: FCTBPos00Pos - {818B93D5-A4FA-4488-BF14-C4CB7B54AA0C} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll (file missing)
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (file missing)
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: DCA - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files\Common Files\FreeCause\DCA\dca-bho.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {674F9426-E0C0-4BEC-A819-5F57D5A94CB3} - (no file)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McPvTray_exe] "C:\Program Files\McAfee\MAT\McPvTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Chris\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [DriverFinder] C:\Program Files\DriverFinder\DriverFinder.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: Free YouTube Download - C:\Users\Chris\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Chris\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} (DellSystemLite.Scanner) - [You must be registered and logged in to see this link.]
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\mcsniepl.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Activation Service (McAWFwk) - McAfee, Inc. - c:\PROGRA~1\mcafee\msc\mcawfwk.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

--
End of file - 13435 bytes



megatails5
Senior
Senior

Posts Posts : 228
Joined Joined : 2009-03-16
Gender Gender : Male
OS OS : Windows Vista 64bit
Protection Protection : Malwarebytes, Windows Security Essentials
Points Points : 28880
# Likes # Likes : 0

View user profile

Back to top Go down

Re: i think i may have adware

Post by megatails5 on 21st April 2012, 2:22 pm

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\EasyShare Registration Task.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3611833559-2294988578-2700159509-1000Core.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3611833559-2294988578-2700159509-1000UA.job
C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
C:\Windows\tasks\RtlNICDiagVistaStart.job
C:\Windows\tasks\SystemToolsDailyTest.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\n600jsri.default

prefs.js - "browser.startup.homepage" - "https://www.google.co.uk/"
prefs.js - "keyword.URL" - "http://dts.search-results.com/sr?src=ffb&appid=101&systemid=406&sr=0&q="

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"m3ffxtbr@mywebsearch.com"=C:\Program Files\MyWebSearch\bar\1.bin
"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"=C:\Program Files\McAfee\SiteAdvisor
"{D19CA586-DD6C-4a0a-96F8-14644F340D60}"=C:\Program Files\Common Files\McAfee\SystemCore


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.2.202.233 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files\Google\Picasa3\npPicasa3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@mcafee.com/MSC,version=10]
"Description"=McAfee Total Protection MIME Plugin
"Path"=c:\progra~1\mcafee\msc\npmcsn~1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@mcafee.com/SAFFPlugin]
"Description"=
"Path"=C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5]
"Description"=Office Live Update v1.5
"Path"=C:\Program Files\Microsoft\Office Live\npOLW.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/wpi,version=1.0]
"Description"=
"Path"=C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pack.google.com/Google Updater;version=14]
"Description"=Google Updater
"Path"=C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652]
"Description"=RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In
"Path"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652]
"Description"=RealPlayer(tm) HTML5VideoShim Plug-In
"Path"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
GoogleDesktopMozilla.dll
GoogleDesktopMozillaStub.js
GoogleDesktopMozillaStub.xpt
Scriptff.dll

C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class

C:\Program Files\Mozilla Firefox\searchplugins\
amazon-en-GB.xml
bing.xml
chambers-en-GB.xml
eBay-en-GB.xml
google.xml
googledesktop.xml
McSiteAdvisor.xml
Search_Results.xml
wikipedia.xml
yahoo-en-GB.xml

C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\n600jsri.default\searchplugins\
Search_Results.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-02-19 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120302213047.dll [2011-12-06 79744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{818B93D5-A4FA-4488-BF14-C4CB7B54AA0C}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}]
Searchqu Toolbar - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]
Windows Live Messenger Companion Helper - C:\Program Files\Windows Live\Companion\companioncore.dll [2012-03-08 393600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2012-02-17 281600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}]
DCA BHO - C:\Program Files\Common Files\FreeCause\DCA\dca-bho.dll [2010-01-28 214920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-02-19 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{674F9426-E0C0-4BEC-A819-5F57D5A94CB3}
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2012-02-17 281600]
{99079a25-328f-4bd4-be04-00955acaa0a7} - Searchqu Toolbar - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-07-18 6246400]
"UpdReg"=C:\Windows\UpdReg.EXE [2000-05-11 90112]
"Broadcom Wireless Manager UI"=C:\Windows\system32\WLTRAY.exe [2007-12-08 3444736]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"dellsupportcenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe /P dellsupportcenter []
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2010-12-24 30192]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2011-06-15 997920]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2012-04-04 462408]
"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2012-02-20 59240]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2011-10-24 421888]
"mcui_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2011-11-22 1318816]
"McPvTray_exe"=C:\Program Files\McAfee\MAT\McPvTray.exe [2011-04-08 419904]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2012-03-27 421736]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"Facebook Update"=C:\Users\Chris\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-16 137536]
"DriverFinder"=C:\Program Files\DriverFinder\DriverFinder.exe []

C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dell Dock.lnk - C:\Program Files\Dell\DellDock\DellDock.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [2008-12-03 10536]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\GoToAssist]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\McMPFSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefire]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfevtp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveTrack"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
"NoResolveTrack"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=iyvu9_32.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"msacm.siren"=sirenacm.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-04-21 15:06:19 ----D---- C:\rsit
2012-04-21 14:43:28 ----D---- C:\Program Files\Trend Micro
2012-04-21 14:38:08 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2012-04-21 14:32:35 ----D---- C:\Users\Chris\AppData\Roaming\ParetoLogic
2012-04-21 14:32:35 ----D---- C:\Users\Chris\AppData\Roaming\DriverCure
2012-04-21 14:32:17 ----D---- C:\ProgramData\ParetoLogic
2012-04-21 14:15:08 ----D---- C:\Windows\LastGood
2012-04-21 14:13:28 ----A---- C:\Windows\system32\Oemdspif.dll
2012-04-21 14:13:27 ----A---- C:\Windows\system32\drivers\atikmdag.sys
2012-04-21 14:13:27 ----A---- C:\Windows\system32\atioglxx.dll
2012-04-21 14:13:27 ----A---- C:\Windows\system32\ATIODE.exe
2012-04-21 14:13:27 ----A---- C:\Windows\system32\ATIODCLI.exe
2012-04-21 14:13:27 ----A---- C:\Windows\system32\atimuixx.dll
2012-04-21 14:13:27 ----A---- C:\Windows\system32\atiicdxx.dat
2012-04-21 14:13:27 ----A---- C:\Windows\system32\atidxx32.dll
2012-04-21 14:13:27 ----A---- C:\Windows\system32\atiadlxx.dll
2012-04-21 14:13:26 ----A---- C:\Windows\system32\drivers\ati2erec.dll
2012-04-21 14:13:26 ----A---- C:\Windows\system32\amdpcom32.dll
2012-04-21 13:50:26 ----A---- C:\Windows\system32\mfc45.dll
2012-04-21 13:50:14 ----D---- C:\ProgramData\iolo
2012-04-21 13:50:14 ----D---- C:\Program Files\iolo
2012-04-20 18:51:31 ----D---- C:\ProgramData\Blizzard Entertainment
2012-04-20 15:32:24 ----D---- C:\Program Files\Diablo III Beta
2012-04-20 15:30:15 ----D---- C:\ProgramData\Battle.net
2012-04-19 16:15:52 ----D---- C:\Windows\en
2012-04-19 16:14:14 ----A---- C:\Windows\system32\drivers\fssfltr.sys
2012-04-15 17:31:06 ----D---- C:\ProgramData\boost_interprocess
2012-04-12 19:54:17 ----A---- C:\Windows\system32\mshtmled.dll
2012-04-12 19:54:17 ----A---- C:\Windows\system32\iertutil.dll
2012-04-12 19:54:16 ----A---- C:\Windows\system32\wininet.dll
2012-04-12 19:54:16 ----A---- C:\Windows\system32\jscript9.dll
2012-04-12 19:54:16 ----A---- C:\Windows\system32\jscript.dll
2012-04-12 19:54:15 ----A---- C:\Windows\system32\urlmon.dll
2012-04-12 19:54:15 ----A---- C:\Windows\system32\url.dll
2012-04-12 19:54:15 ----A---- C:\Windows\system32\jsproxy.dll
2012-04-12 19:54:15 ----A---- C:\Windows\system32\ieui.dll
2012-04-12 19:54:14 ----A---- C:\Windows\system32\ieframe.dll
2012-04-12 19:54:12 ----A---- C:\Windows\system32\mshtml.dll
2012-04-12 19:54:02 ----A---- C:\Windows\system32\wmi.dll
2012-04-12 19:54:02 ----A---- C:\Windows\system32\wintrust.dll
2012-04-12 19:54:02 ----A---- C:\Windows\system32\imagehlp.dll
2012-04-12 19:54:02 ----A---- C:\Windows\system32\drivers\fs_rec.sys
2012-04-12 19:53:04 ----A---- C:\Windows\system32\ntoskrnl.exe
2012-04-12 19:53:03 ----A---- C:\Windows\system32\ntkrnlpa.exe
2012-04-10 22:21:42 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2012-04-02 22:17:34 ----D---- C:\Program Files\iPod

======List of files/folders modified in the last 1 month======

2012-04-21 15:06:36 ----D---- C:\Windows\Prefetch
2012-04-21 15:06:24 ----D---- C:\Windows\Temp
2012-04-21 15:04:05 ----D---- C:\Program Files\Google
2012-04-21 14:55:17 ----RD---- C:\Program Files
2012-04-21 14:54:22 ----D---- C:\Windows\Tasks
2012-04-21 14:54:22 ----D---- C:\Program Files\Common Files
2012-04-21 14:52:52 ----SHD---- C:\System Volume Information
2012-04-21 14:43:35 ----SHD---- C:\Windows\Installer
2012-04-21 14:40:55 ----D---- C:\Windows\system32\drivers
2012-04-21 14:32:43 ----D---- C:\Windows\system32\Tasks
2012-04-21 14:32:17 ----HD---- C:\ProgramData
2012-04-21 14:18:52 ----D---- C:\Windows\System32
2012-04-21 14:18:52 ----D---- C:\Windows\inf
2012-04-21 14:18:52 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-04-21 14:15:42 ----D---- C:\Windows
2012-04-21 14:15:16 ----D---- C:\Windows\system32\catroot
2012-04-21 13:51:10 ----SD---- C:\Windows\Downloaded Program Files
2012-04-21 13:40:42 ----D---- C:\Program Files\Mozilla Firefox
2012-04-20 15:32:45 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2012-04-19 16:46:23 ----D---- C:\Windows\Microsoft.NET
2012-04-19 16:44:59 ----RSD---- C:\Windows\assembly
2012-04-19 16:14:16 ----DC---- C:\Windows\system32\DRVSTORE
2012-04-19 16:09:36 ----D---- C:\Program Files\Windows Live
2012-04-15 17:34:58 ----HD---- C:\Program Files\InstallShield Installation Information
2012-04-15 17:29:56 ----D---- C:\Windows\system32\Samsung_USB_Drivers
2012-04-15 17:25:01 ----D---- C:\Users\Chris\AppData\Roaming\Samsung
2012-04-15 16:53:09 ----D---- C:\Windows\winsxs
2012-04-12 23:34:59 ----D---- C:\Windows\system32\migration
2012-04-12 23:34:58 ----D---- C:\Program Files\Internet Explorer
2012-04-12 19:54:29 ----D---- C:\Windows\system32\catroot2
2012-04-12 19:53:50 ----D---- C:\ProgramData\Microsoft Help
2012-04-12 19:46:50 ----A---- C:\Windows\system32\mrt.exe
2012-04-12 19:46:33 ----D---- C:\Program Files\Windows Mail
2012-04-10 22:23:54 ----D---- C:\Program Files\Common Files\Adobe
2012-04-10 22:18:17 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2012-04-10 01:47:31 ----D---- C:\Program Files\Diablo II
2012-04-02 22:18:23 ----D---- C:\Program Files\iTunes
2012-04-02 22:17:33 ----D---- C:\Program Files\Common Files\Apple

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 McPvDrv;McPvDrv Driver; C:\Windows\system32\drivers\McPvDrv.sys [2011-04-11 64048]
R0 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys [2011-10-15 464176]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2007-11-14 43840]
R0 RapportKELL;RapportKELL; C:\Windows\System32\Drivers\RapportKELL.sys [2011-09-25 56336]
R1 mfenlfk;McAfee NDIS Light Filter; C:\Windows\system32\DRIVERS\mfenlfk.sys [2011-10-15 64880]
R1 mfewfpk;McAfee Inc. mfewfpk; C:\Windows\system32\drivers\mfewfpk.sys [2011-10-15 165680]
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2011-04-18 165648]
R1 MpKsle95344c5;MpKsle95344c5; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7C74A837-F6FD-4E1B-9B28-6499E0193787}\MpKsle95344c5.sys [2012-04-21 29904]
R1 RapportBuka;RapportBuka; \??\C:\Windows\system32\drivers\RapportBuka.sys [2010-02-27 390528]
R1 RapportCerberus_32029;RapportCerberus_32029; \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\32029\RapportCerberus32_32029.sys [2011-10-18 227312]
R1 RapportEI;RapportEI; \??\C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [2011-09-25 70416]
R1 RapportPG;RapportPG; \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [2011-09-25 161936]
R2 RtNdPt60;Realtek NDIS Protocol Driver; C:\Windows\system32\DRIVERS\RtNdPt60.sys [2008-07-21 27648]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-01-28 4303872]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-12-06 1044984]
R3 cfwids;McAfee Inc. cfwids; C:\Windows\system32\drivers\cfwids.sys [2011-10-15 57600]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-07-18 2153176]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2012-04-04 22344]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [2012-04-21 40776]
R3 mfeapfk;McAfee Inc. mfeapfk; C:\Windows\system32\drivers\mfeapfk.sys [2011-10-15 121256]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [2011-10-15 180816]
R3 mfebopk;McAfee Inc. mfebopk; C:\Windows\system32\drivers\mfebopk.sys [2011-10-15 59456]
R3 mfefirek;McAfee Inc. mfefirek; C:\Windows\system32\drivers\mfefirek.sys [2011-10-15 338176]
R3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2010-06-23 259176]
R3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2012-02-15 43520]
R3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S3 BCM42RLY;BCM42RLY; C:\Windows\system32\drivers\BCM42RLY.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-01-21 220672]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2012-03-08 39272]
S3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [2009-01-08 36608]
S3 mfeavfk01;McAfee Inc.; C:\Windows\system32\drivers\mfeavfk01.sys []
S3 mferkdet;McAfee Inc. mferkdet; C:\Windows\system32\drivers\mferkdet.sys [2011-10-15 87656]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-01-28 4303872]
S3 UMPass;Microsoft UMPass Driver; C:\Windows\system32\DRIVERS\umpass.sys [2008-01-21 7680]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iastor.sys [2008-07-15 312344]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R2 AERTFilters;Andrea RT Filters Service; C:\Windows\system32\AERTSrv.exe [2008-07-18 73728]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-02-27 55144]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2009-01-28 729088]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 390504]
R2 Creative Labs Licensing Service;Creative Labs Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe [2008-12-03 72704]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\Windows\system32\CTsvcCDA.exe [1999-12-13 44032]
R2 DockLoginService;Dock Login Service; C:\Program Files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-27 214904]
R2 McMPFSvc;McAfee Personal Firewall Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-27 214904]
R2 mcmscsvc;McAfee Services; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-27 214904]
R2 McNaiAnn;McAfee VirusScan Announcer; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-27 214904]
R2 McNASvc;McAfee Network Agent; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-27 214904]
R2 McProxy;McAfee Proxy Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-27 214904]
R2 McShield;McAfee McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [2011-12-06 166288]
R2 mfefire;McAfee Firewall Core Service; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-12-06 160608]
R2 mfevtp;McAfee Validation Trust Protection Service; C:\Windows\system32\mfevtps.exe [2011-12-06 150856]
R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-27 214904]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2011-04-27 11736]
R2 RapportMgmtService;Rapport Management Service; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-09-25 919352]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 1713536]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\Windows\System32\WLTRYSVC.EXE [2007-12-08 24064]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2012-03-27 821608]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-27 135664]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-11-25 194104]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 253088]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2012-03-08 1492840]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2010-12-24 30192]
S3 GoToAssist;GoToAssist; C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe [2008-12-03 16680]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-27 135664]
S3 McAWFwk;McAfee Activation Service; c:\PROGRA~1\mcafee\msc\mcawfwk.exe [2011-01-28 203080]
S3 McODS;McAfee Scanner; C:\Program Files\McAfee\VirusScan\mcods.exe [2011-10-18 361976]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2008-03-24 74384]
S3 WPFFontCache_v0400;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 McOobeSv;McAfee OOBE Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-27 214904]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

-----------------EOF-----------------



megatails5
Senior
Senior

Posts Posts : 228
Joined Joined : 2009-03-16
Gender Gender : Male
OS OS : Windows Vista 64bit
Protection Protection : Malwarebytes, Windows Security Essentials
Points Points : 28880
# Likes # Likes : 0

View user profile

Back to top Go down

Re: i think i may have adware

Post by Superdave on 21st April 2012, 5:51 pm

Hello and welcome to GeekPolice.Net My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.

You may want to consider [You must be registered and logged in to see this link.] to protect against viruses and other threats.
Additionally, purchasing an effective antivirus program is a good idea. This will protect your identity and your computer against all types of viruses and other malware. [You must be registered and logged in to see this link.]
*****************************************************************
SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!


Download [You must be registered and logged in to see this link.]
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from [You must be registered and logged in to see this link.]
* Next click the Preferences button.

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:

•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
Please leave the others unchecked

•Click the Close button to leave the control center screen.

* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes

•To retrieve the removal information please do the following:
•After reboot, double-click the SUPERAntiSpyware icon on your desktop.
•Click Preferences. Click the Statistics/Logs tab.

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

•It will open in your default text editor (preferably Notepad).
•Save the notepad file to your desktop by clicking (in notepad) File > Save As...

* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
*Copy and Paste the log in your post.
*********************************************
Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.]
Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
*************************************************
Download Combofix from any of the links below, and save it to your DESKTOP.

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

To prevent your anti-virus application interfering with ComboFix we need to disable it. See [You must be registered and logged in to see this link.] for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click ComboFix.exe to run it.

    You will see the following image:



Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:



As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.



Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83201
# Likes # Likes : 0

View user profile

Back to top Go down

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum