February 23rd, 2010 19:00

fake antivirus popup

Yesterday I was surfing the net and all of a sudden I had a popup that said viruses and trojans were on my computer and I needed to clean them up. So I went to the AVG antivirus program. Apparently the virus/malware had hijacked my computer and I wound up buying the faux program. When I finally realized what had happened I had to cancel my credit card etc. For all you out there, the people who are running this company are collecting money through located in Idaho. My bank called them and supposedly they are crediting the money back into my account. We'll see.......

This is what I have done since doing a little investigating: I downloaded Microsoft Security Essentials and ran a scan, which showed no results. I tried to download a malware removal tool from Microsoft but that did not work.

Luckily on 2/16 I used Dell DataSafe and recreated 2 recovery discs. I have Windows Defender. I did have the virus program that was provided with my Studio and I was supposed to get thirty days but it quit working after a couple of weeks. I tried to download a couple of different antivirus programs to replace it but was unable to due to Windows Firewall...... I am really frustrated. PLEASE HELP!!!!

Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\Dell\Dell Mobile Broadband\systray.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [systray] C:\Program Files (x86)\Dell\Dell Mobile Broadband\systray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
O4 - HKLM\..\RunOnce: [STToasterLauncher] C:\program files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe
O4 - Global Startup: Dell Touch Zone.lnk = C:\Program Files (x86)\Dell Touch Zone\fingertapps.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) -
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) -
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: O2FLASH - Unknown owner - C:\Windows\system32\DRIVERS\o2flash.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Mobile Broadband Service (WMCoreService) - Unknown owner - C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

End of file - 10606 bytes

3 Apprentice


20.5K Posts

February 24th, 2010 05:00

I tried to download a couple of different antivirus programs to replace it but was unable to  due to windows firewall..
The Windows firewall should not prevent you from downloading an anti-virus program. Did you completely remove your previous anti-virus first?

Are you able to post a log?

Please Read This Before Posting For Malware Removal Help

176 Posts

February 24th, 2010 08:00

The exact same program got me. I restored my system to a previously set point in time and it disappeared. Click Programs, Accessories, System Tools, System Restore, and let Windows restore your system to a previous time. You will lose anything that was put on your computer from the restore date to now, but it will get rid of that virus. Just make sure you go back before you got infected. Good luck

28 Posts

February 24th, 2010 09:00

I am not sure going back to a restore point will solve this problem - from what I understand this kind of virus buries itself and is hard to remove. Everything I have been able to find out about it leads me to believe you have to wipe your computer clean and then reinstall Windows. I am in the process of sending my log so that it can be looked over by a tech. I would probably check more closely because you are not only getting malware but also spyware. Make sure you make the discs from Dell's DataSafe as this will help with the process - I am hoping I will not have to do this but rather be safe than not.

3 Apprentice


20.5K Posts

February 24th, 2010 10:00

I'm not a Dell Tech, but I can tell you that Hijackthis was not built to run on Windows 7, so that won't be much help. I wish you had told us you were running Win 7 when you first posted. Now that you have edited to include the log, I have a bit more info.

Try a scan with MBAM. * If you are unable to download or install MBAM on your computer, see if you can use a friend's or family member's computer to download MBAM. Use the update link mentioned below to manually update. Once downloaded, rename the program installer "mbam-setup.exe" file to something else like "lookinhere.exe". Copy the installer file and the update file to a CD or flash drive. Transfer the files to the infected computer. Install the "lookinhere.exe" file, then run the update so that you will have the current definitions. After that, run a full system scan and select to have the program REMOVE whatever it finds.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.

  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here
    and just double-click on mbam-rules.exe to install.
    Alternatively, you can update through MBAM's interface from a clean computer,
    copy the definitions (rules.ref) located in
    C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware
    from that system to a usb stick or CD and then copy it to the infected machine.

On the Scanner tab:

  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top.
  • It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:

  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report into your next reply and exit MBAM. We may have to remove this manually if that does not work.

Note:-- If MBAM encounters a file that is difficult to remove,
you may be asked to reboot your computer so it can proceed with the disinfection process.
Regardless if prompted to restart the computer or not, please do so immediately.
Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

-- MBAM may make changes to your registry as part of its disinfection routine.
If you're using other security programs that detect registry changes (like Spybot's Teatimer),
they may interfere with the fix or alert you after scanning with MBAM.
Please disable such programs until disinfection is complete or permit them to allow the changes.

**If you need to re-install MBAM but encounter an issue in re-installing, try using the MBAM Cleanup Utility by downloading it from HERE

28 Posts

February 24th, 2010 11:00

Thank you for your help. I followed your instructions. I am posting the results........ What should I do now? Thank you

Internet Explorer 8.0.7600.16385

2/24/2010 11:39:48 AM
mbam-log-2010-02-24 (11-39-48).txt

Scan type: Quick Scan
Objects scanned: 97670
Time elapsed: 3 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Windows\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\$Recycle.Bin\S-1-5-21-2372496266-1293665413-2271099843-1000\$RDGPNMW.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\wendy\downloads\regtool.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Windows\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
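
The log above follows the fixed layout MBAM writes: a summary block with a count per category, then one section per category listing each item as "path (threat name) -> action". That layout is regular enough to check mechanically before reading it by hand. The following is an added example for this thread, not code from the thread or from Malwarebytes: a small Python parser that reads a log in that format, verifies that every category's summary count agrees with the items actually listed (a cheap way to spot a log that was truncated or edited when pasted), and lists any item whose action is not "Quarantined and deleted successfully." SAMPLE_LOG is reconstructed from the posted log with two empty sections trimmed; the "Delete on reboot." action string used in the docstring is assumed from MBAM's usual output rather than taken from this page.

```python
"""Parse and sanity-check a Malwarebytes' Anti-Malware (MBAM) scan log.

Added example, not code from the thread or from Malwarebytes. SAMPLE_LOG is
reconstructed from the log posted above (two empty sections trimmed).
"""
import re
from dataclasses import dataclass, field

SAMPLE_LOG = r"""
Internet Explorer 8.0.7600.16385

2/24/2010 11:39:48 AM
mbam-log-2010-02-24 (11-39-48).txt

Scan type: Quick Scan
Objects scanned: 97670
Time elapsed: 3 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Windows\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
C:\$Recycle.Bin\S-1-5-21-2372496266-1293665413-2271099843-1000\$RDGPNMW.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\wendy\downloads\regtool.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Windows\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
"""

META_RE = re.compile(r"^(Scan type|Objects scanned|Time elapsed): (.+)$")
SUMMARY_RE = re.compile(r"^([A-Za-z ]+ Infected): (\d+)$")  # "Files Infected: 3"
SECTION_RE = re.compile(r"^([A-Za-z ]+ Infected):$")        # "Files Infected:"
# "<path> (<threat>) -> [<detail> -> ]<action>"; the detail part appears on registry data items
ITEM_RE = re.compile(r"^(?P<path>.+?) \((?P<threat>[\w.]+)\) -> (?P<rest>.+)$")
CLEAN_ACTION = "Quarantined and deleted successfully."


@dataclass
class Detection:
    category: str
    path: str
    threat: str
    action: str
    detail: str = ""  # e.g. "Bad: (1) Good: (0)" on a registry data item


@dataclass
class MbamReport:
    meta: dict = field(default_factory=dict)        # scan type, object count, elapsed time
    claimed: dict = field(default_factory=dict)     # category -> count from the summary block
    detections: dict = field(default_factory=dict)  # category -> [Detection]


def parse_mbam_log(text: str) -> MbamReport:
    report, section = MbamReport(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := META_RE.match(line):
            report.meta[m.group(1)] = m.group(2)
        elif m := SUMMARY_RE.match(line):
            report.claimed[m.group(1)] = int(m.group(2))
        elif m := SECTION_RE.match(line):
            section = m.group(1)
            report.detections.setdefault(section, [])
        elif section is None or line == "(No malicious items detected)":
            continue  # header lines before the first section, or an empty section
        elif m := ITEM_RE.match(line):
            *details, action = m.group("rest").split(" -> ")
            report.detections[section].append(
                Detection(section, m.group("path"), m.group("threat"), action, " -> ".join(details)))
        else:
            raise ValueError(f"unrecognised line in {section!r}: {line}")
    return report


def count_mismatches(report: MbamReport) -> dict:
    """Categories whose summary count disagrees with the items listed (truncated or edited log)."""
    listed = {cat: len(items) for cat, items in report.detections.items()}
    return {cat: (n, listed.get(cat, 0)) for cat, n in report.claimed.items() if n != listed.get(cat, 0)}


def unresolved(report: MbamReport) -> list:
    """Items whose action is not the clean removal string, e.g. "Delete on reboot."
    (assumed MBAM wording, not from this page), which is why a restart is required."""
    return [d for items in report.detections.values() for d in items if d.action != CLEAN_ACTION]


def threat_families(report: MbamReport) -> list:
    return sorted({d.threat for items in report.detections.values() for d in items})


if __name__ == "__main__":
    rep = parse_mbam_log(SAMPLE_LOG)
    print(rep.meta, threat_families(rep))
    print("count mismatches:", count_mismatches(rep) or "none")
    print("unresolved:", [d.path for d in unresolved(rep)] or "none")
```

Run against the posted log this reports three families (Adware.PopCap, Hijack.DisplayProperties, Rogue.Installer), no count mismatches and nothing unresolved, which is the quick way to confirm that a pasted log is complete and that every flagged item was actually removed before moving on to the next step.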

28 Posts

February 24th, 2010 12:00

here are the scan logs you requested

DDS (Ver_09-12-01.01) - NTFSX64 
Run by wendy at 12:28:36.70 on Wed 02/24/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.4057.2586 [GMT -8:00]

============== Running Processes ===============

C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Dell Touch Zone\fingertapps.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell\Dell Mobile Broadband\systray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Windows\System32\svchost.exe -k swprv

============== Pseudo HJT Report ===============

uLocal Page = \blank.htm
uStart Page = hxxp://
mLocal Page = c:\windows\syswow64\blank.htm
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files (x86)\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files (x86)\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files (x86)\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files (x86)\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files (x86)\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [msnmsgr] "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background
mRun: [SunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe"
mRun: [PDVDDXSrv] "c:\program files (x86)\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [DellSupportCenter] "c:\program files (x86)\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [systray] c:\program files (x86)\dell\dell mobile broadband\systray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRunOnce: [Launcher] c:\program files (x86)\dell datasafe local backup\components\scheduler\Launcher.exe
mRunOnce: [STToasterLauncher] c:\program files (x86)\dell datasafe local backup\toasterLauncher.exe
StartupFolder: c:\users\wendy\appdata\roaming\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files (x86)\common files\logishrd\ereg\setpoint\eReg.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\dellto~1.lnk - c:\program files (x86)\dell touch zone\fingertapps.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - c:\program files (x86)\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg64.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [QuickSet] c:\program files\dell\quickset\QuickSet.exe
mRun-x64: [IAAnotif] c:\program files (x86)\intel\intel matrix storage manager\iaanotif.exe
mRun-x64: [SysTrayApp] c:\program files\idt\wdm\sttray64.exe
mRun-x64: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun-x64: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide
mRun-x64: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun-x64: [Persistence] c:\windows\system32\igfxpers.exe
mRunOnce-x64: [DSUpdateLauncher] "c:\program files (x86)\dell datasafe local backup\components\dsupdate\hstart.exe" /noconsole /d="c:\program files (x86)\dell datasafe local backup\components\dsupdate" /runas "c:\program files (x86)\dell datasafe local backup\components\dsupdate\DSUpd.exe"

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot64.sys [2010-2-22 33800]
R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2009-9-30 55280]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 164720]
R1 NvtSp50;Novatel Wireless NDIS 5 Single-Packet Read Protocol Driver;c:\windows\system32\drivers\NvtSp50.sys [2009-7-15 27648]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
R2 SftService;SoftThinks Agent Service;c:\program files (x86)\dell datasafe local backup\SftService.exe [2009-9-30 656624]
R2 WMCoreService;Mobile Broadband Service;c:\program files (x86)\dell\dell wwan\wmcore\mini_wmcore.exe servicemode --> c:\program files (x86)\dell\dell wwan\wmcore\mini_WMCore.exe servicemode [?]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Acceler.sys [2009-9-30 23912]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2009-9-30 172704]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-1-31 138752]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-6-18 40832]
R3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\drivers\NETw5v64.sys [2009-9-30 5435904]
R3 O2MDGRDR;O2MDGRDR;c:\windows\system32\drivers\o2mdgx64.sys [2009-9-30 69152]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2009-12-19 314400]
S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-2-5 135664]

=============== Created Last 30 ================

2010-02-24 19:33:43 0 d-----w- c:\users\wendy\appdata\roaming\Malwarebytes
2010-02-24 19:33:37 22104 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-24 19:33:37 0 d-----w- c:\programdata\Malwarebytes
2010-02-24 19:33:37 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-02-24 16:45:12 0 d-----w- c:\program files (x86)\Trend Micro
2010-02-23 07:38:17 0 d-----w- c:\program files (x86)\Microsoft Antimalware
2010-02-23 07:38:07 0 d-----w- c:\program files\Microsoft Security Essentials
2010-02-22 22:59:13 33800 ----a-w- c:\windows\system32\drivers\pavboot64.sys
2010-02-22 22:59:12 0 d-----w- c:\program files (x86)\Panda Security
2010-02-22 17:19:32 0 d-----w- c:\program files (x86)\Anti-Virus Elite
2010-02-20 23:57:00 74471 ----a-w- c:\users\wendy\.recently-used.xbel
2010-02-20 08:34:33 0 d-----w- c:\users\wendy\appdata\roaming\Reg-Tool
2010-02-20 08:34:25 0 d-----w- c:\program files (x86)\Reg-Tool
2010-02-20 06:17:37 0 ----a-w- c:\windows\syswow64\config.nt
2010-02-20 06:17:17 0 d-----w- c:\programdata\Alwil Software
2010-02-20 06:17:17 0 d-----w- c:\program files\Alwil Software
2010-02-11 04:38:48 132 ----a-w- c:\users\wendy\.gtk-bookmarks
2010-02-09 04:17:44 0 d-----w- c:\programdata\LogiShrd
2010-02-09 04:17:33 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2010-02-09 04:17:33 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2010-02-09 04:17:31 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2010-02-09 04:17:01 190992 ----a-w- c:\windows\system32\BtCoreIf.dll
2010-02-09 04:17:00 96272 ----a-w- c:\windows\system32\KemXML.dll
2010-02-09 04:17:00 235536 ----a-w- c:\windows\system32\KemUtil.dll
2010-02-09 04:17:00 235536 ----a-w- c:\windows\system32\kemutb.dll
2010-02-09 04:17:00 159248 ----a-w- c:\windows\system32\KemWnd.dll
2010-02-09 04:16:54 0 d-----w- c:\programdata\Logitech
2010-02-09 04:16:52 0 d-----w- c:\program files\common files\Logishrd
2010-02-09 04:16:50 0 d-----w- c:\program files\Logitech
2010-02-05 01:55:49 0 d-----w- c:\users\wendy\appdata\roaming\Dell Touch Zone
2010-02-05 01:55:47 0 d-----w- c:\program files (x86)\Dell Touch Zone
2010-02-05 01:42:23 4480 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2010-02-04 07:29:36 756 ----a-w- c:\users\wendy\appdata\roaming\wklnhst.dat
2010-02-02 02:32:44 0 d-----w- c:\programdata\CyberLink
2010-02-02 01:51:25 0 d--h--w- c:\programdata\CanonBJ
2010-02-01 17:41:01 0 d-----w- c:\users\wendy\appdata\roaming\Roxio Log Files
2010-02-01 06:40:23 15168 ----a-w- c:\windows\system32\results.xml
2010-02-01 06:36:07 0 d-----w- c:\windows\syswow64\SDA
2010-02-01 06:36:07 0 d-----w- c:\program files (x86)\O2Micro
2010-02-01 06:33:50 0 d-----w- c:\program files\IDT
2010-02-01 06:31:55 0 d-----w- c:\program files\ATI Technologies
2010-02-01 06:31:52 0 d-----w- c:\program files\ATI
2010-02-01 06:28:52 5120 ----a-w- c:\windows\system32\HdmiCoin.dll
2010-02-01 06:28:52 138752 ----a-w- c:\windows\system32\drivers\IntcHdmi.sys
2010-02-01 06:26:00 53248 ----a-w- c:\windows\syswow64\CSVer.dll
2010-02-01 06:25:11 0 d-----w- c:\program files (x86)\Realtek
2010-02-01 06:21:31 0 d-----w- c:\program files (x86)\Telespree
2010-02-01 06:21:31 0 d-----w- c:\program files (x86)\common files\Zeepe Framework 7
2010-02-01 06:21:31 0 d-----w- c:\program files (x86)\common files\Telespree
2010-02-01 06:21:30 0 d-----w- c:\programdata\Novatel Wireless
2010-01-31 10:04:19 0 d-----w- c:\programdata\NOS
2010-01-27 17:39:06 389632 ----a-w- c:\windows\system32\winlogon.exe
2010-01-27 17:39:06 2870272 ----a-w- c:\windows\explorer.exe
2010-01-27 17:39:06 2614272 ----a-w- c:\windows\syswow64\explorer.exe
2010-01-27 07:52:34 0 d-----w- c:\users\wendy\.thumbnails
2010-01-27 07:19:07 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-01-27 07:02:40 0 d-----w- c:\users\wendy\.gimp-2.6
2010-01-27 07:02:03 0 d-----w- c:\program files (x86)\GIMP-2.0
2010-01-27 05:59:44 0 d-----w- C:\Temp

==================== Find3M  ====================

2010-02-02 08:36:47 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-02 07:45:54 2048 ----a-w- c:\windows\syswow64\tzres.dll
2010-01-22 19:54:30 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-01-19 09:05:57 424960 ----a-w- c:\windows\system32\secproc.dll
2010-01-19 09:05:57 422912 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-19 09:05:57 121856 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-19 09:05:57 121856 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-19 09:00:44 305152 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-19 09:00:43 357888 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-19 09:00:37 356352 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-19 09:00:37 306688 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-18 23:29:31 85504 ----a-w- c:\windows\syswow64\secproc_ssp_isv.dll
2010-01-18 23:29:31 85504 ----a-w- c:\windows\syswow64\secproc_ssp.dll
2010-01-18 23:29:31 365568 ----a-w- c:\windows\syswow64\secproc_isv.dll
2010-01-18 23:29:30 369152 ----a-w- c:\windows\syswow64\secproc.dll
2010-01-18 23:28:33 324608 ----a-w- c:\windows\syswow64\RMActivate_isv.exe
2010-01-18 23:28:33 277504 ----a-w- c:\windows\syswow64\RMActivate_ssp_isv.exe
2010-01-18 23:28:30 320512 ----a-w- c:\windows\syswow64\RMActivate.exe
2010-01-18 23:28:30 280064 ----a-w- c:\windows\syswow64\RMActivate_ssp.exe
2010-01-14 19:12:06 212352 ------w- c:\windows\system32\MpSigStub.exe
2010-01-11 07:12:38 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-01-08 03:38:32 285696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-01-08 03:38:28 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-12-22 08:36:19 243200 ----a-w- c:\windows\system32\wow64.dll
2009-12-22 08:24:35 14336 ----a-w- c:\windows\syswow64\ntvdm64.dll
2009-12-22 08:23:35 25600 ----a-w- c:\windows\syswow64\setup16.exe
2009-12-22 08:22:10 5120 ----a-w- c:\windows\syswow64\wow32.dll
2009-12-22 04:28:10 7680 ----a-w- c:\windows\syswow64\instnm.exe
2009-12-22 04:28:08 2048 ----a-w- c:\windows\syswow64\user.exe
2009-12-19 09:51:24 1192960 ----a-w- c:\windows\system32\wininet.dll
2009-12-19 09:50:56 14848 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-19 09:49:47 1572352 ----a-w- c:\windows\system32\quartz.dll
2009-12-19 09:47:56 25088 ----a-w- c:\windows\system32\msyuv.dll
2009-12-19 09:47:53 38912 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-19 09:47:46 16384 ----a-w- c:\windows\system32\msrle32.dll
2009-12-19 09:46:35 54272 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-15 10:35:32 760344 ----a-w- c:\windows\syswow64\igxpun.exe
2009-12-15 10:35:32 166424 ----a-w- c:\windows\system32\igfxtray.exe
2009-12-15 10:35:30 510488 ----a-w- c:\windows\system32\igfxsrvc.exe
2009-12-15 10:35:30 3126808 ----a-w- c:\windows\system32\GfxUI.exe
2009-12-15 10:35:28 410136 ----a-w- c:\windows\system32\igfxpers.exe
2009-12-15 10:35:28 390680 ----a-w- c:\windows\system32\hkcmd.exe
2009-12-15 10:35:28 222744 ----a-w- c:\windows\system32\igfxext.exe
2009-12-15 10:35:28 152600 ----a-w- c:\windows\system32\difx64.exe
2009-12-15 10:30:28 91136 ----a-w- c:\windows\system32\igfxCoIn_v2021.dll
2009-12-15 10:26:42 5968896 ----a-w- c:\windows\system32\igdumd64.dll
2009-12-15 10:25:06 982224 ----a-w- c:\windows\syswow64\igkrng500.bin
2009-12-15 10:25:06 982224 ----a-w- c:\windows\system32\igkrng500.bin
2009-12-15 10:25:06 92292 ----a-w- c:\windows\syswow64\igfcg500m.bin
2009-12-15 10:25:06 92292 ----a-w- c:\windows\system32\igfcg500m.bin
2009-12-15 10:25:06 439336 ----a-w- c:\windows\syswow64\igcompkrng500.bin
2009-12-15 10:25:06 439336 ----a-w- c:\windows\system32\igcompkrng500.bin
2009-12-15 10:21:26 4499456 ----a-w- c:\windows\syswow64\igdumd32.dll
2009-12-15 10:16:04 550912 ----a-w- c:\windows\syswow64\igdumdx32.dll
2009-12-15 10:15:04 4099072 ----a-w- c:\windows\system32\igd10umd64.dll
2009-12-15 10:12:00 3896832 ----a-w- c:\windows\syswow64\igd10umd32.dll
2009-12-15 10:08:14 5517312 ----a-w- c:\windows\system32\ig4dev64.dll
2009-12-15 10:07:26 8129024 ----a-w- c:\windows\system32\ig4icd64.dll
2009-12-15 10:02:20 4077568 ----a-w- c:\windows\syswow64\ig4dev32.dll
2009-12-15 10:02:06 6060032 ----a-w- c:\windows\syswow64\ig4icd32.dll
2009-12-15 09:53:30 377856 ----a-w- c:\windows\system32\igfxTMM.dll
2009-12-15 09:53:30 27648 ----a-w- c:\windows\system32\igfxexps.dll
2009-12-15 09:53:28 248320 ----a-w- c:\windows\system32\igfxpph.dll
2009-12-15 09:53:10 61440 ----a-w- c:\windows\system32\igfxsrvc.dll
2009-12-15 09:52:44 108544 ----a-w- c:\windows\system32\hccutils.dll
2009-12-15 09:52:34 4096 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2009-12-15 09:52:34 268800 ----a-w- c:\windows\system32\igfxdev.dll
2009-12-15 09:52:34 119296 ----a-w- c:\windows\system32\gfxSrvc.dll
2009-12-15 09:52:08 9014784 ----a-w- c:\windows\system32\igfxress.dll
2009-12-15 09:52:08 142336 ----a-w- c:\windows\system32\igfxdo.dll
2009-12-15 09:48:30 59392 ----a-w- c:\windows\syswow64\oemdspif.dll
2009-12-15 09:47:36 226304 ----a-w- c:\windows\syswow64\igfxdv32.dll
2009-12-15 09:42:44 208896 ----a-w- c:\windows\syswow64\iglhsip32.dll
2009-12-15 09:42:44 205824 ----a-w- c:\windows\system32\iglhsip64.dll
2009-12-15 09:42:44 187392 ----a-w- c:\windows\system32\iglhcp64.dll
2009-12-15 09:42:44 143360 ----a-w- c:\windows\syswow64\iglhcp32.dll
2009-12-13 09:46:36 960512 ----a-w- c:\windows\system32\CPFilters.dll
2009-12-13 09:46:36 613888 ----a-w- c:\windows\system32\psisdecd.dll
2009-12-13 09:46:34 552960 ----a-w- c:\windows\system32\msdri.dll
2009-12-13 09:30:50 641536 ----a-w- c:\windows\syswow64\CPFilters.dll
2009-12-13 09:30:50 465408 ----a-w- c:\windows\syswow64\psisdecd.dll
2009-12-03 17:27:28 74272 ----a-w- c:\windows\system32\RtNicProp64.dll
2009-12-03 17:27:28 104480 ----a-w- c:\windows\system32\RTNUninst64.dll
2009-12-02 08:17:14 716800 ----a-w- c:\windows\syswow64\jscript.dll
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-09-30 23:20:52 75 --sh--r- c:\windows\CT4CET.bin
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 05:12:52 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 12:28:48.46 ===============

3 Apprentice


20.5K Posts

February 24th, 2010 12:00

We need to see some additional information about what is happening in your machine.

  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.
  • Click Yes at the prompt for Optional Scan.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt

  • Save both reports to your desktop.
  • Copy/paste both logs to your reply on the forum.
  • Close the program window, and delete the program from your desktop.
  • Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE.

28 Posts

February 24th, 2010 13:00

I hope I have gotten it right; just let me know.



DDS (Ver_09-12-01.01)

Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 1/18/2010 7:25:24 PM
System Uptime: 2/24/2010 12:15:52 PM (1 hours ago)

Motherboard: Dell Inc. |  | 0G914P
Processor: Intel(R) Core(TM)2 Duo CPU     T6600  @ 2.20GHz | U2E1 | 2200/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 451 GiB total, 420.051 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP23: 2/7/2010 1:07:36 AM - Restore Operation
RP24: 2/8/2010 7:55:51 AM - Windows Update
RP27: 2/11/2010 9:14:02 AM - Windows Update
RP28: 2/13/2010 3:00:20 AM - Windows Update
RP29: 2/15/2010 2:44:54 PM - Windows Update
RP30: 2/18/2010 2:14:19 PM - Windows Update
RP31: 2/19/2010 10:17:07 PM - avast! Free Antivirus Setup
RP32: 2/19/2010 11:29:24 PM - avast! Free Antivirus Setup
RP33: 2/20/2010 12:34:11 AM - Installed Reg-Tool
RP34: 2/20/2010 12:37:59 AM - Removed Reg-Tool
RP35: 2/20/2010 12:38:54 AM - Removed Reg-Tool
RP36: 2/20/2010 12:39:38 AM - Removed Reg-Tool
RP37: 2/20/2010 12:40:35 AM - Removed Reg-Tool
RP38: 2/22/2010 12:34:39 AM - Installed Device Package
RP39: 2/22/2010 10:27:27 PM - Windows Update
RP40: 2/22/2010 11:41:49 PM - Windows Update
RP41: 2/23/2010 9:16:45 AM - Windows Update
RP42: 2/23/2010 2:02:24 PM - Windows Update
RP43: 2/23/2010 11:22:45 PM - Windows Update
RP44: 2/24/2010 12:26:47 PM - Windows Update

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3
Advanced Audio FX Engine
Banctec Service Agreement
Choice Guard
Compatibility Pack for the 2007 Office system
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell Driver Download Manager
Dell Getting Started Guide
Dell Mobile Broadband Card Utility
Dell Support Center (Support Software)
Dell Webcam Central
Dell Wireless HSPA Mini-Card Drivers
GIMP 2.6.8
Google Toolbar for Internet Explorer
Google Update Helper
HijackThis 2.0.2
IDT Audio
Internet TV for Windows Media Center
IrfanView (remove only)
Java(TM) 6 Update 14
Junk Mail filter update
Live! Cam Avatar Creator
Logitech SetPoint
Malwarebytes' Anti-Malware
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
O2Micro Flash Memory Card Windows Driver
Realtek 8136 8168 8169 Ethernet Driver
Roxio Burn
Roxio Update Manager
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Center Add-in for Flash
Yahoo! BrowserPlus

==== Event Viewer Messages From Past Week ========

2/24/2010 7:16:15 AM, Error: Microsoft-Windows-SharedAccess_NAT [31004]  - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
2/24/2010 7:15:48 AM, Error: Application Popup [877]  - There was error [DATABASE OPEN FAILED] processing the driver database.
2/24/2010 12:16:23 PM, Error: Microsoft-Windows-SharedAccess_NAT [34001]  - The ICS_IPV6 failed to configure IPv6 stack.
2/24/2010 12:16:23 PM, Error: Microsoft-Windows-SharedAccess_NAT [30013]  - The DHCP allocator has disabled itself on IP address, since the IP address is outside the scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
2/24/2010 11:00:20 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WMCoreService service.
2/24/2010 1:04:05 PM, Error: bowser [8003]  - The master browser has received a server announcement from the computer JENNIFER-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{D1E3EF46-0927-45F8-9C36-4FCBC559C90B}. The master browser is stopping or an election is being forced.
2/22/2010 9:19:48 AM, Error: Application Popup [1060]  - \??\C:\Users\wendy\AppData\Local\Temp\mc25691.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
2/20/2010 12:03:52 AM, Error: Service Control Manager [7024]  - The Norton Internet Security service terminated with service-specific error %%-1.
2/19/2010 10:24:15 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x000000d1 (0x0000000000000064, 0x0000000000000002, 0x0000000000000000, 0xfffff880074d588e). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 021910-22900-01.
2/19/2010 10:15:56 PM, Error: Microsoft-Windows-SharedAccess_NAT [30013]  - The DHCP allocator has disabled itself on IP address, since the IP address is outside the scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.

==== End Of File ===========================

3 Apprentice


20.5K Posts

February 24th, 2010 13:00

I cannot open that. Please copy and paste it into your reply.

3 Apprentice


20.5K Posts

February 24th, 2010 13:00

Yes, that's all we need for now.

Wow, that IS a new computer. I'm sure you have discovered that the internet is not as safe as it was back in the Windows 98 days. I'll give you some prevention tips when we are finished.

I will post more instructions after I review the logs. Give me a couple of hours. In the meantime, disconnect from the internet. Your security on there at the moment is very lacking and that computer is vulnerable.

3 Apprentice


20.5K Posts

February 24th, 2010 13:00

Please post your Attach.txt. Thanks.

28 Posts

February 24th, 2010 13:00

I hope this is what you want. If you need me to paste in the whole report text, please let me know. I am keeping an eye on this so I can do whatever you need as soon as you need it. Thank you.

28 Posts

February 24th, 2010 14:00

I hate admitting it, but I haven't had a new computer since Windows 98SE came out (pretty bad). It pretty much did the trick up until a couple of years ago. And I never had problems with it when I was online; I kept it pretty cleaned up. Well, I am learning an awful lot about how bad the internet has gotten since I last used it. Thank you for your help, and I will keep an eye out for your next post. /wendy

3 Apprentice


20.5K Posts

February 24th, 2010 17:00

By default, the built-in administrator account is named Administrator, and is disabled. Please enable it and login as Administrator.
To do that try the first option shown here:

Next, reboot into Safemode as follows:

Restart your computer.

When the computer starts you will see your computer's hardware being listed. When you see this information start to gently tap the F8 key repeatedly until you are presented with the Windows 7 Advanced Boot Options.

Select the Safe Mode option using the arrow keys.

Then press the Enter key on your keyboard to boot into Windows 7 Safe Mode. Be patient while the drivers load. Let Windows do its thing. The screen will look a bit different, but when Windows starts you will be at a typical logon screen. Log on to your computer and Windows 7 will enter Safe Mode.

Please open Task Manager using Ctrl + Shift + Esc

Look for this process and End Task:
Anti-Virus Elite.exe
unins000.exe

Browse to and delete these Folders in red text if they exist:
C:\Documents and Settings\All Users\Start Menu\Programs\Anti-Virus Elite
C:\Program Files\Anti-Virus Elite

Reboot into normal mode.

Go back and disable the Admin Account. Log out.

Login with your normal user account.

Malwarebytes should have found and removed Anti-Virus Elite. Please open MBAM. Go to the Update Tab. Click on Update. Make sure MBAM has been updated, and run another scan. The top of your MBAM log was cut off earlier. Make sure you post the entire log. Thanks.

Let me know how things are running at that point. Does Anti-Virus Elite seem to be gone?
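The "look for this process" and "delete these folders if they exist" steps above can be done as one report-only sweep before anything is deleted. The script below is an added example, not a tool from this thread or from Malwarebytes: the process and folder names are the ones quoted in the post, the `tasklist` sample is constructed here so the matching logic runs offline, and the `C:\ProgramData` Start Menu path is an assumption added for Windows 7 (the post gives the Windows XP location). On a live machine `run_sweep()` calls the real `tasklist /FO CSV` and checks the file system; it never deletes anything, leaving that to the steps above.

```python
"""Report-only sweep for the rogue-AV leftovers named in the post above.

Added example, not part of the forum thread. Indicators come from the post;
the tasklist output below is constructed, not captured from the poster's PC.
"""
import csv
import io
import os
import subprocess

# Process image names quoted in the post (compared case-insensitively,
# since Windows file names are case-insensitive).
SUSPECT_PROCESSES = {"anti-virus elite.exe", "unins000.exe"}

# Folders quoted in the post, plus the Windows 7 location of the
# "All Users" Start Menu (assumption added here; not in the post).
SUSPECT_FOLDERS = [
    r"C:\Documents and Settings\All Users\Start Menu\Programs\Anti-Virus Elite",
    r"C:\Program Files\Anti-Virus Elite",
    r"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anti-Virus Elite",
]

# Constructed sample of `tasklist /FO CSV` output with one suspect present.
SAMPLE_TASKLIST_CSV = '''"Image Name","PID","Session Name","Session#","Mem Usage"
"System Idle Process","0","Services","0","24 K"
"explorer.exe","1544","Console","1","31,204 K"
"Anti-Virus Elite.exe","2932","Console","1","12,008 K"
"iexplore.exe","3012","Console","1","58,112 K"
'''


def find_suspect_processes(tasklist_csv, suspects=SUSPECT_PROCESSES):
    """Return [(image_name, pid)] for every tasklist row whose image name
    is in `suspects`. Input is the CSV text produced by `tasklist /FO CSV`."""
    hits = []
    for row in csv.DictReader(io.StringIO(tasklist_csv)):
        name = row.get("Image Name", "")
        if name.lower() in suspects:
            hits.append((name, int(row["PID"])))
    return hits


def find_existing_folders(folders=SUSPECT_FOLDERS, exists=os.path.isdir):
    """Return the subset of `folders` that exist. `exists` is injectable so
    the check can be exercised without touching the real file system."""
    return [f for f in folders if exists(f)]


def run_sweep(exists=os.path.isdir):
    """Live sweep on Windows: query tasklist and the file system, report only."""
    out = subprocess.run(
        ["tasklist", "/FO", "CSV"], capture_output=True, text=True, check=True
    ).stdout
    return {
        "processes": find_suspect_processes(out),
        "folders": find_existing_folders(exists=exists),
    }


if __name__ == "__main__":
    # Offline demonstration on the constructed sample.
    print("suspect processes:", find_suspect_processes(SAMPLE_TASKLIST_CSV))
    print("existing folders:", find_existing_folders())
```

Running it on the constructed sample lists `Anti-Virus Elite.exe` with PID 2932 and no folders; on the affected machine the folder list is what would then be removed by hand after the process is ended, as the post describes.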


28 Posts

February 24th, 2010 22:00

Sorry this took so long. I didn't quite get the administrator part, but I think I finally figured it out. I went into safe mode and could not find Anti-Virus Elite.exe or unins000.exe in processes. I did do a search on the different files and found some files on the C: drive. I tried to delete them but kept receiving an error message: ERROR OX800004002.

I went from safe mode to normal mode and rescanned; below is the log. If I did anything wrong, I will redo it. This has been a huge learning experience for me and I very much appreciate your help; just let me know what I need to do and it is done.

Malwarebytes' Anti-Malware 1.44
Database version: 3788
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

2/24/2010 9:51:42 PM
mbam-log-2010-02-24 (21-51-42).txt

Scan type: Quick Scan
Objects scanned: 97587
Time elapsed: 3 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Malwarebytes' Anti-Malware 1.44
Database version: 3786
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

2/24/2010 11:39:48 AM
mbam-log-2010-02-24 (11-39-48).txt

Scan type: Quick Scan
Objects scanned: 97670
Time elapsed: 3 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Windows\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\$Recycle.Bin\S-1-5-21-2372496266-1293665413-2271099843-1000\$RDGPNMW.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\wendy\downloads\regtool.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Windows\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.

No Events found!
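The helper earlier asked for the entire MBAM log because the top had been cut off, and the two logs pasted above are read by checking that the summary counts agree with the items listed under each section and that every item was actually quarantined. The parser below does that check for Malwarebytes' Anti-Malware 1.x logs; it is an added example, not a Malwarebytes tool or anything from the thread. The sample log embedded in it is constructed in the same layout as the posts above, with placeholder detection names and paths rather than copied findings.

```python
"""Parse a Malwarebytes' Anti-Malware 1.x log and check it is complete and
internally consistent. Added example; the sample log is constructed."""
import re

SUMMARY_RE = re.compile(r"^(?P<section>.+ Infected): (?P<count>\d+)$")
DETECTION_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+)$")
HEADER_KEYS = ("Database version", "Scan type", "Objects scanned", "Time elapsed")

# Constructed log in the layout of the posts above (placeholder findings).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.44
Database version: 3786
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

2/24/2010 11:39:48 AM
mbam-log-2010-02-24 (11-39-48).txt

Scan type: Quick Scan
Objects scanned: 97670
Time elapsed: 3 minute(s), 9 second(s)

Memory Processes Infected: 0
Registry Keys Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\example.ctrl (Adware.Example) -> Quarantined and deleted successfully.

Files Infected:
C:\Users\user\downloads\example-tool.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Windows\Downloaded Program Files\example.dll (Adware.Example) -> No action taken.
"""

# The same log with its top cut off, as in the earlier paste the helper rejected.
TRUNCATED_LOG = SAMPLE_LOG[SAMPLE_LOG.index("Scan type"):]


def parse_mbam_log(text):
    """Return {'header': {...}, 'summary': {section: count},
    'detections': {section: [{'item', 'family', 'action'}, ...]}}."""
    info = {"header": {}, "summary": {}, "detections": {}}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:                                   # "Files Infected: 3"
            info["summary"][m["section"]] = int(m["count"])
            continue
        if line.endswith(" Infected:"):         # start of a detail section
            section = line[:-1]
            info["detections"].setdefault(section, [])
            continue
        d = DETECTION_RE.match(line)
        if d and section:                       # "<item> (<family>) -> <action>"
            info["detections"][section].append(
                {"item": d["item"], "family": d["family"], "action": d["action"]})
            continue
        if section is None:                     # header block before the sections
            if line.startswith("Malwarebytes"):
                info["header"]["product"] = line
            else:
                key, sep, value = line.partition(": ")
                if sep and key in HEADER_KEYS:
                    info["header"][key] = value
    return info


def check_log(info):
    """List problems a reviewer would raise: missing header (cut-off paste),
    summary counts that disagree with the listed items, items not quarantined."""
    problems = []
    if "product" not in info["header"] or "Database version" not in info["header"]:
        problems.append("log header missing: paste the whole log, top included")
    for section, count in info["summary"].items():
        found = len(info["detections"].get(section, []))
        if found != count:
            problems.append(f"{section}: summary says {count}, {found} listed")
    for section, items in info["detections"].items():
        for it in items:
            if "Quarantined" not in it["action"]:
                problems.append(f"{section}: {it['item']} -> {it['action']}")
    return problems


def families(info):
    """Sorted set of detection families, e.g. to spot Rogue.* entries quickly."""
    return sorted({it["family"] for items in info["detections"].values() for it in items})


if __name__ == "__main__":
    for name, log in (("full", SAMPLE_LOG), ("truncated", TRUNCATED_LOG)):
        parsed = parse_mbam_log(log)
        print(name, families(parsed), check_log(parsed))
```

On the constructed sample the full log yields one problem (the `example.dll` entry that was not quarantined), and the truncated copy additionally reports the missing header, which is the condition the helper asked the poster to fix by pasting the whole log.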
