How to remove thodjovc.exe?

liferockss · 03 Jun 2012

Hi, I am struggling since morning to find the problems with my laptop, first it was firewall issues..if i start it my internet access was going off , somehow it got fixed may be the 8 hr scan of Windows Security Essential did it,but there is still something thats blocking me from using websites of microsoft or other antivirus/antispyware websites.

Windows security essential found the file mention in subject and said it has no information about it so I sent it. but still I am not able to access the websites

also unable to change firewall settings at its controled by Macfee and it wont start either, downloaded Spyblot but it also did not find anything.

any pointers?

ganjiry · 03 Jun 2012

ello life
u could try downloading Malwarebytes Anti-Malware - CNET Download.com install it and reboot into safe mode by tapping F8.
select safe mode with networking and run malwarebytes.
let it update then run quick scan.
this should find pretty much anything

Corrine · 03 Jun 2012

Hi, liferockss. I think this will take more than Malwarebytes to cure.

THODJOVC.EXE, Prevx

THODJOVC.EXE has been seen to perform the following behavior:

Uses rootkit techniques to conceal its presence, interrogation or removal
Found on infected systems and resists interrogation by security products

THODJOVC.EXE has been the subject of the following behavior:

Added as a Registry auto start to load Program on Boot up

Please download DDS.scr by sUBs and save it to your desktop: Link

Double-Click dds.scr and a command window will appear. This is normal.
Shortly after two logs will appear, DDS.txt and Attach.txt.
A window will open instructing you save & post the logs.
Save the logs to a convenient place such as your desktop.
Copy the contents of both DDS.txt and Attach.txt logs and post in your next reply.

liferockss · 03 Jun 2012

it did not help ganjiry but thanks for the tip of safemode, I was able to download dds.scr from safe mode.
Corrine following is the log

================DDS.txt=============
.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421
Run by lifeRockss at 23:56:21 on 2012-06-03
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2980.1695 [GMT 1:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\mfevtps.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\windows\Explorer.EXE
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\windows\system32\ctfmon.exe
C:\windows\system32\prevhost.exe
C:\windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\s&d\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120506161646.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: {687578B9-7132-4A7A-80E4-30EE31099E03} - No File
uRun: [Google Update] "C:\Users\lifeRockss\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [ThoDjovc] C:\Users\lifeRockss\AppData\Local\lewqylml\thodjovc.exe
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [SpybotSD TeaTimer] C:\s&d\TeaTimer.exe
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [oc4j] "C:\OBIEE\oc4j_bi\bin\oc4j.cmd" -start
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
StartupFolder: C:\Users\DATAMA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\Users\lifeRockss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\thodjovc.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\s&d\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{23E98992-4C8C-427D-9DAD-577435C59FE4} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{365571A9-CF38-4F1E-934F-97769BA6AC12} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{365571A9-CF38-4F1E-934F-97769BA6AC12}\35B4955323634383 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{365571A9-CF38-4F1E-934F-97769BA6AC12}\44164716D61647963637 : DhcpNameServer = 212.74.112.66 212.74.112.67
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\msc\McSnIePl.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\s&d\SDHelper.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120506161646.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB-X64: {687578B9-7132-4A7A-80E4-30EE31099E03} - No File
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [(Default)]
mRun-x64: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun-x64: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun-x64: [oc4j] "C:\OBIEE\oc4j_bi\bin\oc4j.cmd" -start
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\lifeRockss\AppData\Roaming\Mozilla\Firefox\Profiles\ns61vjua.default\
FF - prefs.js: browser.search.selectedEngine - Blekko
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://blekko.com/?source=c3348dd4&tbp=url&toolbarid=blekkotb&u=___userid___&q=
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\lifeRockss\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\lifeRockss\AppData\Roaming\Mozilla\Firefox\Profiles\ns61vjua.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\plugins\np-mswmp.dll
FF - plugin: C:\Users\lifeRockss\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\lifeRockss\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
.
FF - user.js: extensions.autoDisableScopes - 14
.
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\windows\system32\drivers\mfehidk.sys --> C:\windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\windows\system32\drivers\mfewfpk.sys --> C:\windows\system32\drivers\mfewfpk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\windows\system32\Drivers\PxHlpa64.sys --> C:\windows\system32\Drivers\PxHlpa64.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\windows\system32\DRIVERS\mfenlfk.sys --> C:\windows\system32\DRIVERS\mfenlfk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-28 249936]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2011-11-4 210584]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\windows\system32\drivers\mfefirek.sys --> C:\windows\system32\drivers\mfefirek.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
S0 MpFilter;Microsoft Malware Protection Driver;C:\windows\system32\DRIVERS\MpFilter.sys --> C:\windows\system32\DRIVERS\MpFilter.sys [?]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
S2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-11-4 89600]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-27 116648]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-4 13336]
S2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-28 249936]
S2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-28 249936]
S2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2011-11-4 199272]
S2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
S2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-26 2823000]
S2 Oracle BI Server;Oracle BI Server;C:\OBIEE\server\Bin\NQSServer.exe [2011-12-3 49152]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 sawjavahostsvc;Oracle BI Java Host;C:\OBIEE\web\bin\sawjavahostsvc.exe [2011-12-3 94208]
S2 sawsvc;Oracle BI Presentation Server;C:\OBIEE\web\bin\sawserver.exe [2011-12-3 86016]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-6-2 1153368]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
S2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-11-4 1692480]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-5-3 158856]
S2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-5 2923392]
S2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-11-4 2656280]
S3 cfwids;McAfee Inc. cfwids;C:\windows\system32\drivers\cfwids.sys --> C:\windows\system32\drivers\cfwids.sys [?]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\windows\system32\DRIVERS\CtClsFlt.sys --> C:\windows\system32\DRIVERS\CtClsFlt.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-27 116648]
S3 IntcDAud;Intel(R) Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2011-11-4 224704]
S3 mfeavfk;McAfee Inc. mfeavfk;C:\windows\system32\drivers\mfeavfk.sys --> C:\windows\system32\drivers\mfeavfk.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\windows\system32\drivers\mferkdet.sys --> C:\windows\system32\drivers\mferkdet.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-26 129976]
S3 NisDrv;Microsoft Network Inspection System;C:\windows\system32\DRIVERS\NisDrvWFP.sys --> C:\windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 Oracle BI Cluster Controller;Oracle BI Cluster Controller;C:\OBIEE\server\Bin\NQSClusterController.exe [2011-12-3 33792]
S3 Oracle BI Scheduler;Oracle BI Scheduler;C:\OBIEE\server\Bin\NQScheduler.exe [2011-12-3 122880]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]
S3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]
S3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]
S3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]
S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-28 249936]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== File Associations ===============
.
vbefile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
vbsfile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
jsefile\shell\open2\command=C:\Windows\System32\CScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-06-03 22:36:54 -------- d-----w- C:\Users\lifeRockss\AppData\Roaming\Malwarebytes
2012-06-03 22:33:27 -------- d-----w- C:\ProgramData\Malwarebytes
2012-06-03 22:33:23 24904 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-06-03 22:33:23 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-03 20:07:05 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D86FF11D-98B6-413E-BC1F-E343F672864A}\mpengine.dll
2012-06-03 08:49:56 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{78FD9AC8-32CE-4832-BCAB-63B78579596C}\gapaengine.dll
2012-06-03 08:49:51 8955792 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-03 08:48:14 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-06-03 08:48:07 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-06-02 22:03:29 -------- d-----w- C:\s&d
2012-06-02 21:55:25 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-06-02 21:55:25 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-06-02 20:07:10 -------- d-----w- C:\Sharekhan
2012-06-02 15:42:08 -------- d-----w- C:\Users\lifeRockss\AppData\Roaming\Macrovision
2012-06-02 15:41:44 -------- d-----w- C:\Users\lifeRockss\AppData\Roaming\Roxio Burn
2012-05-27 14:25:35 -------- d-----w- C:\Users\lifeRockss\AppData\Local\blekkotb
2012-05-27 13:30:32 -------- d-----w- C:\Users\lifeRockss\AppData\Roaming\Roxio Log Files
2012-05-24 20:27:48 87884 --s---w- C:\Users\lifeRockss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\thodjovc.exe
2012-05-24 20:27:48 -------- d-----w- C:\Users\lifeRockss\AppData\Local\lewqylml
2012-05-14 18:25:08 61440 ----a-w- C:\windows\SysWow64\ISUSPM.cpl
2012-05-14 18:25:08 -------- d-----w- C:\Program Files (x86)\NOW
2012-05-14 18:25:07 385024 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\_ispmres.dll
2012-05-14 18:25:05 69632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
2012-05-14 18:25:05 368640 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\_isusres.dll
2012-05-14 18:25:05 196608 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
2012-05-14 18:25:04 446464 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\agent.exe
2012-05-14 18:25:04 204800 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISDM.exe
2012-05-14 18:23:47 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
2012-05-14 18:23:47 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
2012-05-14 18:23:47 172032 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
2012-05-14 18:23:46 733184 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
2012-05-14 18:23:46 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
2012-05-14 18:23:44 303236 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
2012-05-14 18:23:44 180356 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
2012-05-11 17:02:46 1918320 ----a-w- C:\windows\System32\drivers\tcpip.sys
2012-05-11 17:02:42 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-11 17:02:42 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 17:02:41 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 17:02:41 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-11 17:02:41 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-11 17:02:27 1544704 ----a-w- C:\windows\System32\DWrite.dll
2012-05-11 17:02:27 1077248 ----a-w- C:\windows\SysWow64\DWrite.dll
2012-05-11 17:02:25 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-05-11 17:02:24 3146240 ----a-w- C:\windows\System32\win32k.sys
2012-05-11 17:02:23 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-05-11 17:02:22 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-05-11 17:01:48 75120 ----a-w- C:\windows\System32\drivers\partmgr.sys
2012-05-06 15:16:44 29272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ScriptFF.dll
2012-05-06 12:27:29 -------- d-----w- C:\Users\lifeRockss\AppData\Roaming\TeamViewer
.
==================== Find3M ====================
.
2012-04-24 11:48:02 525544 ----a-w- C:\windows\System32\deployJava1.dll
2012-04-18 16:12:05 0 ----a-w- C:\windows\SysWow64\shoFA1E.tmp
2012-03-20 19:44:12 98688 ----a-w- C:\windows\System32\drivers\NisDrvWFP.sys
2012-03-20 19:44:12 203888 ----a-w- C:\windows\System32\drivers\MpFilter.sys
2012-03-20 12:11:30 162192 ----a-w- C:\windows\System32\mfevtps.exe
.
============= FINISH: 23:57:21.84 ===============

============Attach.txt====================
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 02/12/2011 15:20:07
System Uptime: 03/06/2012 23:53:44 (0 hours ago)
.
Motherboard: Dell Inc. | | 01HXXJ
Processor: Intel(R) Celeron(R) CPU B800 @ 1.50GHz | CPU 1 | 1496/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 218 GiB total, 114.021 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
==== System Restore Points ===================
.
RP39: 15/05/2012 03:00:16 - Windows Update
RP40: 27/05/2012 13:11:19 - Scheduled Checkpoint
RP41: 27/05/2012 14:31:36 - Removed Zinio Reader 4
RP42: 29/05/2012 18:43:47 - Removed Skype™ 5.8
RP43: 02/06/2012 21:06:39 - Installed TradeTiger
RP44: 02/06/2012 22:16:17 - Restore Operation
RP45: 03/06/2012 09:49:13 - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.1)
Advanced Audio FX Engine
µTorrent
Bing Rewards Client Installer
D3DX10
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Getting Started Guide
Dell MusicStage
Dell PhotoStage
Dell Stage
Dell Stage Remote
Dell VideoStage
Dell Webcam Central
Dell Wireless Driver Installation
DirectX 9 Runtime
eBay
EditPlus 3
ERUNT 1.1j
Free Image Editor 2.4
Google Earth Plug-in
Google Talk Plugin
Google Update Helper
Graphviz 2.28
High-Definition Video Playback
IDT Audio
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Java Auto Updater
Java(TM) 6 Update 27
Java(TM) 7 Update 1
Java(TM) SE Development Kit 7 Update 1
Junk Mail filter update
Malwarebytes Anti-Malware version 1.61.0.1400
McAfee SecurityCenter
Mesh Runtime
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Starter 2010 - English
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox 12.0 (x86 en-GB)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 10 Movie ThemePack Basic
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero Update
NOW
Oracle Business Intelligence 10.1.3.4.2
PhotoShowExpress
PlayReady PC Runtime x86
Realtek Ethernet Controller Driver
Realtek USB 2.0 Card Reader
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Skype Click to Call
Skype™ 5.9
Sonic CinePlayer Decoder Pack
Spybot - Search & Destroy
SyncUP
TeamViewer 7
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2598290) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VLC media player 1.1.10
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinZip 16.0
.
==== Event Viewer Messages From Past Week ========
.
27/05/2012 10:01:25, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
27/05/2012 10:01:23, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: {6DFC2D17-579D-4C1C-93B7-B05B7DCCD766} as /. The error: "5" Happened while starting this command: "c:\PROGRA~1\mcafee.com\agent\mcagent.exe" -Embedding
27/05/2012 03:12:49, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
03/06/2012 23:55:13, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
03/06/2012 23:54:23, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
03/06/2012 23:54:23, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
03/06/2012 23:54:20, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
03/06/2012 23:54:13, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter spldr Wanarpv6
03/06/2012 23:54:13, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
03/06/2012 23:54:06, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.
03/06/2012 23:54:06, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
03/06/2012 23:39:31, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
03/06/2012 21:52:44, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
03/06/2012 20:53:36, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the OracleMTSRecoveryService service to connect.
03/06/2012 20:53:36, Error: Service Control Manager [7000] - The OracleMTSRecoveryService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
03/06/2012 20:50:54, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the RPC Endpoint Mapper service, but this action failed with the following error: An instance of the service is already running.
03/06/2012 20:50:51, Error: Service Control Manager [7001] - The Remote Procedure Call (RPC) service depends on the RPC Endpoint Mapper service which failed to start because of the following error: The service has not been started.
03/06/2012 20:50:51, Error: Service Control Manager [7001] - The IPsec Policy Agent service depends on the Base Filtering Engine service which failed to start because of the following error: The dependency service or group failed to start.
03/06/2012 20:50:51, Error: Service Control Manager [7001] - The Base Filtering Engine service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.
03/06/2012 20:50:48, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Network Store Interface Service service to connect.
03/06/2012 20:50:48, Error: Service Control Manager [7001] - The DNS Client service depends on the Network Store Interface Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
03/06/2012 20:50:48, Error: Service Control Manager [7000] - The Network Store Interface Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
03/06/2012 20:50:08, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Font Cache Service service to connect.
03/06/2012 20:50:08, Error: Service Control Manager [7000] - The Windows Font Cache Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
03/06/2012 20:48:07, Error: Service Control Manager [7001] - The DHCP Client service depends on the Network Store Interface Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
03/06/2012 20:48:02, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Diagnostic Policy Service service to connect.
03/06/2012 20:48:02, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Base Filtering Engine service which failed to start because of the following error: The dependency service or group failed to start.
03/06/2012 20:48:02, Error: Service Control Manager [7000] - The Diagnostic Policy Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
03/06/2012 20:47:07, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Event Log service to connect.
03/06/2012 20:47:07, Error: Service Control Manager [7001] - The Windows Audio service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.
03/06/2012 20:47:07, Error: Service Control Manager [7000] - The Windows Event Log service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
03/06/2012 20:46:37, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
03/06/2012 20:46:37, Error: Service Control Manager [7001] - The Cryptographic Services service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.
03/06/2012 20:46:07, Error: Service Control Manager [7031] - The Windows Event Log service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
03/06/2012 20:46:07, Error: Service Control Manager [7031] - The Windows Audio service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
03/06/2012 20:46:07, Error: Service Control Manager [7031] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
03/06/2012 20:46:07, Error: Service Control Manager [7031] - The DHCP Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
03/06/2012 20:46:07, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the TCP/IP NetBIOS Helper service to connect.
03/06/2012 20:46:07, Error: Service Control Manager [7000] - The TCP/IP NetBIOS Helper service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
03/06/2012 20:45:41, Error: Service Control Manager [7031] - The IPsec Policy Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
03/06/2012 20:45:37, Error: Service Control Manager [7031] - The Workstation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
03/06/2012 20:45:37, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
03/06/2012 20:45:37, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
03/06/2012 20:45:37, Error: Service Control Manager [7031] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
03/06/2012 20:37:21, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the mcmscsvc service.
03/06/2012 11:25:53, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
03/06/2012 09:23:36, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
03/06/2012 08:46:42, Error: Service Control Manager [7023] - The Base Filtering Engine service terminated with the following error: Access is denied.
03/06/2012 08:45:46, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.
03/06/2012 08:45:46, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The dependency service or group failed to start.
03/06/2012 08:43:19, Error: Service Control Manager [7001] - The IPsec Policy Agent service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.
03/06/2012 08:43:14, Error: Service Control Manager [7001] - The IKE and AuthIP IPsec Keying Modules service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.
03/06/2012 08:12:11, Error: Service Control Manager [7003] - The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.
03/06/2012 08:09:44, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
03/06/2012 08:09:41, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
03/06/2012 08:09:38, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
03/06/2012 00:01:49, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.
03/06/2012 00:01:38, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
03/06/2012 00:01:19, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
03/06/2012 00:00:49, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BITS service.
03/06/2012 00:00:49, Error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
02/06/2012 10:00:19, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
.
==== End Of File ===========================

liferockss · 03 Jun 2012

sorry this was run in safe mode, should I run it in normal mode and repost the log?

Corrine · 03 Jun 2012

Thank you, liferockss. I got enough information from Safe Mode to confirm the autostart is there. (Note for the future: Malwarebytes works best in Normal Mode.)

Please follow these instructions carefully.

Download ComboFix from one of the following locations:

Link 1
Link 2

!!! IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your antivirus and anti-malware security applications. If not disabled, these programs will likely interfere with cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray.

Note: If you are unsure how to disable your security software, see the instructions in this topic at Tech Support Forum: How to disable your security applications.
If infections are found, ComboFix will automatically reboot the machine to complete the removal process. Please ensure all opened windows are closed before proceeding.
Double-click ComboFix.exe on your desktop and follow the prompts.
As part of the process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it is strongly recommended to have this pre-installed on your machine before doing any malware removal. The Recovery Console will allow you to start up the computer in a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Please note: If the Microsoft Windows Recovery Console is already installed on the computer, ComboFix will continue the malware removal procedures.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
After the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click "Yes" to continue scanning for malware.
When finished, a log will be produced. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.

liferockss · 04 Jun 2012

you the man Corrine...it was quite a task to download and install combofix, the file was getting deleted there were messages of incompatible os , finally renamed it then installed took couple of hrs for it to scan and fix the problem
but finally all looks okay, I can access microsoft and other websites those were blocked before.

Thanks a ton, any tips on which anit-everything to install to stay protected from such nasty programs?

Also, Would like to donate something for this website that has been a saviour, any links for that?
BTW, what is HijackThis log ??
Thanks a ton again.
Cheers

Corrine · 04 Jun 2012

Hi, liferockss.

Sorry about the mention of HijackThis. I primarily provide malware analysis on a forum that uses a different method of BBCode (SMF software) so used an older set of instructions.

Please note that you have the following outdated/vulnerable software installed on your computer:

Adobe Flash Player, current version is 11.2.202.235
Adobe Reader X, current version is 10.1.3
Java(TM) 6 Update 27 <-You need to manually uninstall. The update to version 7 doesn't remove Java SE 6.
Java(TM) 7 Update 1, current version is 7u4

Just because your computer appears fine, I would still like to see the log to determine if any further action is needed.

liferockss · 04 Jun 2012

Hi Corrine,
Thanks much for the info, will remove those softwares.I think Adobe updated created the problem, not very sure thought,even now I am getting notification to update adobe I am just ignoring it.

Following is the log.

Can u suggest any opesource anit-spyware/adware/virus?

Cheers

==================================================
ComboFix 12-06-03.05 - lifeRockss 04/06/2012 2:11.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2980.1741 [GMT 1:00]
Running from: c:\users\lifeRockss\Desktop\qwerty.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\etc
c:\program files (x86)\etc\fonts\conf.avail\10-autohint.conf
c:\program files (x86)\etc\fonts\conf.avail\10-no-sub-pixel.conf
c:\program files (x86)\etc\fonts\conf.avail\10-sub-pixel-bgr.conf
c:\program files (x86)\etc\fonts\conf.avail\10-sub-pixel-rgb.conf
c:\program files (x86)\etc\fonts\conf.avail\10-sub-pixel-vbgr.conf
c:\program files (x86)\etc\fonts\conf.avail\10-sub-pixel-vrgb.conf
c:\program files (x86)\etc\fonts\conf.avail\10-unhinted.conf
c:\program files (x86)\etc\fonts\conf.avail\20-fix-globaladvance.conf
c:\program files (x86)\etc\fonts\conf.avail\20-lohit-gujarati.conf
c:\program files (x86)\etc\fonts\conf.avail\20-unhint-small-vera.conf
c:\program files (x86)\etc\fonts\conf.avail\30-amt-aliases.conf
c:\program files (x86)\etc\fonts\conf.avail\30-urw-aliases.conf
c:\program files (x86)\etc\fonts\conf.avail\40-generic.conf
c:\program files (x86)\etc\fonts\conf.avail\49-sansserif.conf
c:\program files (x86)\etc\fonts\conf.avail\50-user.conf
c:\program files (x86)\etc\fonts\conf.avail\51-local.conf
c:\program files (x86)\etc\fonts\conf.avail\60-latin.conf
c:\program files (x86)\etc\fonts\conf.avail\65-fonts-persian.conf
c:\program files (x86)\etc\fonts\conf.avail\65-nonlatin.conf
c:\program files (x86)\etc\fonts\conf.avail\69-unifont.conf
c:\program files (x86)\etc\fonts\conf.avail\70-no-bitmaps.conf
c:\program files (x86)\etc\fonts\conf.avail\70-yes-bitmaps.conf
c:\program files (x86)\etc\fonts\conf.avail\80-delicious.conf
c:\program files (x86)\etc\fonts\conf.avail\90-synthetic.conf
c:\program files (x86)\etc\fonts\conf.avail\README
c:\program files (x86)\etc\fonts\conf.d\20-fix-globaladvance.conf
c:\program files (x86)\etc\fonts\conf.d\20-lohit-gujarati.conf
c:\program files (x86)\etc\fonts\conf.d\20-unhint-small-vera.conf
c:\program files (x86)\etc\fonts\conf.d\30-amt-aliases.conf
c:\program files (x86)\etc\fonts\conf.d\30-urw-aliases.conf
c:\program files (x86)\etc\fonts\conf.d\40-generic.conf
c:\program files (x86)\etc\fonts\conf.d\49-sansserif.conf
c:\program files (x86)\etc\fonts\conf.d\50-user.conf
c:\program files (x86)\etc\fonts\conf.d\51-local.conf
c:\program files (x86)\etc\fonts\conf.d\60-latin.conf
c:\program files (x86)\etc\fonts\conf.d\65-fonts-persian.conf
c:\program files (x86)\etc\fonts\conf.d\65-nonlatin.conf
c:\program files (x86)\etc\fonts\conf.d\69-unifont.conf
c:\program files (x86)\etc\fonts\conf.d\80-delicious.conf
c:\program files (x86)\etc\fonts\conf.d\90-synthetic.conf
c:\program files (x86)\etc\fonts\fonts.conf
c:\program files (x86)\etc\fonts\fonts.dtd
c:\program files (x86)\etc\gtk-2.0\gdk-pixbuf.loaders
c:\program files (x86)\etc\gtk-2.0\gtk.immodules
c:\program files (x86)\etc\gtk-2.0\gtkrc
c:\users\lifeRockss\AppData\Local\aumsmgur.log
c:\users\lifeRockss\AppData\Local\hboncfgc.log
c:\users\lifeRockss\AppData\Local\jtjvqcqr.log
c:\users\lifeRockss\AppData\Local\lewqylml\thodjovc.exe
c:\users\lifeRockss\AppData\Local\Microsoft\Windows\Temporary Internet Files\{4B038A14-4EA0-4AC6-820E-2F096EE1E8BE}.xps
c:\users\lifeRockss\AppData\Local\niclslqp.log
c:\users\lifeRockss\AppData\Local\ulrxkneb.log
c:\users\lifeRockss\AppData\Local\vcvlgkix.log
c:\users\lifeRockss\AppData\Local\wyobagjq.log
c:\users\lifeRockss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\thodjovc.exe
c:\windows\RPSETUP.EXE.LOG
c:\windows\SysWow64\regobj.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-05-04 to 2012-06-04 )))))))))))))))))))))))))))))))
.
.
2012-06-04 02:10 . 2012-06-04 02:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-03 07:34 . 2012-06-03 07:34 -------- d-----w- c:\program files (x86)\ERUNT
2012-06-02 22:03 . 2012-06-03 07:18 -------- d-----w- C:\s&d
2012-06-02 21:55 . 2012-06-02 22:52 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-06-02 21:55 . 2012-06-02 21:55 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-06-02 20:07 . 2012-06-02 20:07 -------- d-----w- C:\Sharekhan
2012-06-02 15:42 . 2012-06-02 15:42 -------- d-----w- c:\users\lifeRockss\AppData\Roaming\Macrovision
2012-06-02 15:41 . 2012-06-02 15:41 -------- d-----w- c:\users\lifeRockss\AppData\Roaming\Roxio Burn
2012-05-29 17:49 . 2012-05-29 17:49 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-05-27 14:25 . 2012-05-27 14:25 -------- d-----w- c:\users\lifeRockss\AppData\Local\blekkotb
2012-05-27 13:30 . 2012-05-27 13:30 -------- d-----w- c:\users\lifeRockss\AppData\Roaming\Roxio Log Files
2012-05-24 20:27 . 2012-06-04 02:07 -------- d-----w- c:\users\lifeRockss\AppData\Local\lewqylml
2012-05-15 02:00 . 2012-05-15 02:00 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-15 02:00 . 2012-05-15 02:00 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-05-14 18:25 . 2012-05-14 18:25 -------- d-----w- c:\programdata\InstallShield
2012-05-14 18:25 . 2012-05-14 18:25 -------- d-----w- c:\program files (x86)\NOW
2012-05-14 18:25 . 2004-04-16 10:24 61440 ----a-w- c:\windows\SysWow64\ISUSPM.cpl
2012-05-14 18:25 . 2004-04-17 11:40 385024 ----a-w- c:\program files (x86)\Common Files\InstallShield\UpdateService\_ispmres.dll
2012-05-14 18:25 . 2004-04-17 11:41 196608 ----a-w- c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
2012-05-14 18:25 . 2004-04-13 05:07 69632 ----a-w- c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe
2012-05-14 18:25 . 2004-04-13 05:06 368640 ----a-w- c:\program files (x86)\Common Files\InstallShield\UpdateService\_isusres.dll
2012-05-14 18:25 . 2004-04-23 18:03 446464 ----a-w- c:\program files (x86)\Common Files\InstallShield\UpdateService\agent.exe
2012-05-14 18:25 . 2004-04-13 05:03 204800 ----a-w- c:\program files (x86)\Common Files\InstallShield\UpdateService\ISDM.exe
2012-05-14 18:23 . 2004-04-18 22:40 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
2012-05-14 18:23 . 2004-04-18 22:39 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
2012-05-14 18:23 . 2004-04-18 22:39 172032 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
2012-05-14 18:23 . 2004-04-18 22:42 733184 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
2012-05-14 18:23 . 2004-04-18 22:39 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
2012-05-14 18:23 . 2012-05-14 18:23 303236 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
2012-05-14 18:23 . 2012-05-14 18:23 180356 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
2012-05-11 17:02 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-11 17:02 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-11 17:02 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 17:02 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-11 17:02 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-11 17:02 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 17:02 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-11 17:02 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-11 17:02 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-11 17:02 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 17:02 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-11 17:02 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-11 17:01 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-06 15:16 . 2012-03-20 12:06 29272 ----a-w- c:\program files (x86)\Mozilla Firefox\ScriptFF.dll
2012-05-06 12:27 . 2012-05-06 12:35 -------- d-----w- c:\users\lifeRockss\AppData\Roaming\TeamViewer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-24 11:48 . 2011-11-04 11:58 525544 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-18 16:12 . 2012-04-18 16:12 0 ----a-w- c:\windows\SysWow64\shoFA1E.tmp
2012-03-20 19:44 . 2012-03-20 19:44 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-20 19:44 . 2012-03-20 19:44 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-20 12:11 . 2011-11-04 13:10 162192 ----a-w- c:\windows\system32\mfevtps.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-05-20 880496]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-05-03 17355912]
"SpybotSD TeaTimer"="c:\s&d\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2012-02-06 66872]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1675160]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-04-29 885760]
"oc4j"="c:\obiee\oc4j_bi\bin\oc4j.cmd" [2011-12-03 4983]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
.
c:\users\lifeRockss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-27 116648]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-27 116648]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2011-03-08 224704]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-26 129976]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 Oracle BI Cluster Controller;Oracle BI Cluster Controller;c:\obiee\server\Bin\NQSClusterController.exe [2011-07-28 33792]
R3 Oracle BI Scheduler;Oracle BI Scheduler;c:\obiee\server\Bin\NQScheduler.exe [2011-07-28 122880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-12 13336]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 Oracle BI Server;Oracle BI Server;c:\obiee\server\Bin\NQSServer.exe [2011-07-28 49152]
S2 sawjavahostsvc;Oracle BI Java Host;c:\obiee\web\bin\sawjavahostsvc.exe [2011-07-28 94208]
S2 sawsvc;Oracle BI Presentation Server;c:\obiee\web\bin\sawserver.exe [2011-07-28 86016]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-07-08 1692480]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-02 2923392]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-27 14:46]
.
2012-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-27 14:46]
.
2012-06-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3553815003-590717795-807720870-1000Core.job
- c:\users\lifeRockss\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-10 15:05]
.
2012-06-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3553815003-590717795-807720870-1000UA.job
- c:\users\lifeRockss\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-10 15:05]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-03-29 608112]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-05-27 1128448]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2011-03-24 3668336]
"Stage Remote"="c:\program files (x86)\Dell\Stage Remote\StageRemote.exe" [2011-06-28 2022976]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-04-29 2055016]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\lifeRockss\AppData\Roaming\Mozilla\Firefox\Profiles\ns61vjua.default\
FF - prefs.js: browser.search.selectedEngine - Blekko
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://blekko.com/?source=c3348dd4&tbp=url&toolbarid=blekkotb&u=___userid___&q=
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
.
------- File Associations -------
.
vbefile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
vbsfile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
jsefile\shell\open2\command=c:\windows\System32\CScript.exe "%1" %*
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-ThoDjovc - c:\users\lifeRockss\AppData\Local\lewqylml\thodjovc.exe
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-04 03:50:59
ComboFix-quarantined-files.txt 2012-06-04 02:50
.
Pre-Run: 128,357,838,848 bytes free
Post-Run: 128,015,048,704 bytes free
.
- - End Of File - - A8086D220CE83E336369BF849A173004

Corrine · 05 Jun 2012

Hi, liferockss.

Thank you for posting the log. There is still a remnant that we need to take care of and a bit of cleanup. Please be sure to disable McAfee first and then do the following:

Custom CFScript

Note: The following instructions were created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Please open Notepad (Click Start -> Run -> type notepad in the Open field -> OK). Copy/Paste all of the text present inside the code box below:

Code:

Folder::
c:\users\lifeRockss\AppData\Local\lewqylml

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

Save this as CFScript.txt and place it on your desktop.
Close any open browsers.
Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.