Author Topic: [Resolved K] Google redirects to random site like search.net  (Read 1322 times)

wazzle13
« on: February 28, 2012, 07:54:02 PM »
When I try googling things, the links are redirected to other sites like search.net. This is not consistent either; sometimes the link will work properly and direct me to where I wanted, and other times I get linked to random sites. This started yesterday. I ran McAfee and Windows Defender, and Windows Defender found something and it took the appropriate actions to delete it. I tried both scans today and they both didn't find anything, yet the problem persists. Thank you in advance for any help you can provide.

DDS log
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_29
Run by Kiran at 17:43:04 on 2012-02-28
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6058.3742 [GMT -8:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\SafeConnect\scManager.sys
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe
C:\Users\Kiran\AppData\Local\dplaysvr.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\SafeConnect\scClient.exe
C:\Program Files\mcafee.com\agent\mcagent.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Users\Kiran\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Intel\TurboBoost\TurboBoost.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Windows\splwow64.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.dell.com
uDefault_Page_URL = hxxp://www.dell.com
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111219211551.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Facebook Update] "C:\Users\Kiran\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [dplaysvr] C:\Users\Kiran\AppData\Local\dplaysvr.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [RemoteControl9] "c:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "c:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun: [BDRegion] c:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [MSN Toolbar] "C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe"
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
StartupFolder: C:\Users\Kiran\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Kiran\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Kiran\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
StartupFolder: C:\Users\Kiran\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\INTEL(~1.LNK - C:\Program Files (x86)\Intel\TurboBoost\SignalIslandUi.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SAFECO~1.LNK - C:\Program Files (x86)\SafeConnect\scClient.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
TCP: DhcpNameServer = 128.114.142.6 128.114.129.33
TCP: Interfaces\{55E4C7EA-4A5B-4268-9972-B6102DF7E73A} : DhcpNameServer = 128.114.142.6 128.114.129.33
TCP: Interfaces\{55E4C7EA-4A5B-4268-9972-B6102DF7E73A}\245737970516E64616 : DhcpNameServer = 128.114.142.6 128.114.129.33
TCP: Interfaces\{55E4C7EA-4A5B-4268-9972-B6102DF7E73A}\452796E6967237 : DhcpNameServer = 10.0.1.1
TCP: Interfaces\{55E4C7EA-4A5B-4268-9972-B6102DF7E73A}\6516277686563756 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{55E4C7EA-4A5B-4268-9972-B6102DF7E73A}\6716277686563756 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{55E4C7EA-4A5B-4268-9972-B6102DF7E73A}\D4F6F6C61686 : DhcpNameServer = 68.87.76.182 68.87.78.134
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\msc\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64:     HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64:     AcroIEHelperStub - No File
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO-X64:     McAfee Phishing Filter - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64:     Search Helper - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111219211551.dll
BHO-X64:     scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64:     URLRedirectionBHO - No File
BHO-X64: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64:     HP Smart BHO Class - No File
TB-X64: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun-x64: [RemoteControl9] "c:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun-x64: [PDVD9LanguageShortcut] "c:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun-x64: [BDRegion] c:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [MSN Toolbar] "C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe"
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE-X64: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kiran\AppData\Roaming\Mozilla\Firefox\Profiles\7m264n09.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Kiran\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdcfltn.sys --> C:\Windows\system32\DRIVERS\stdcfltn.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-6-15 98208]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-1-24 901184]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-1-24 991296]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-12-7 375176]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2011-9-16 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-8-25 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-8-25 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-8-25 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2011-6-15 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2011-6-15 208536]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-6-15 2009704]
R2 SCManager;SafeConnect Manager;C:\Program Files (x86)\SafeConnect\scManager.sys servicestart --> C:\Program Files (x86)\SafeConnect\scManager.sys servicestart [?]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-6-15 1692480]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-2-18 378472]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-6-15 2656280]
R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Accelern.sys --> C:\Windows\system32\DRIVERS\Accelern.sys [?]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-1-24 1298496]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\system32\DRIVERS\btmaux.sys --> C:\Windows\system32\DRIVERS\btmaux.sys [?]
R3 btmhsf;btmhsf;C:\Windows\system32\DRIVERS\btmhsf.sys --> C:\Windows\system32\DRIVERS\btmhsf.sys [?]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 iBtFltCoex;iBtFltCoex;C:\Windows\system32\DRIVERS\iBtFltCoex.sys --> C:\Windows\system32\DRIVERS\iBtFltCoex.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 qicflt;upper Device Filter Driver;C:\Windows\system32\DRIVERS\qicflt.sys --> C:\Windows\system32\DRIVERS\qicflt.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]
S2 CLKMSVC10_9EC60124;CyberLink Product - 2011/06/15 21:42:27;C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-10-29 236016]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-16 136176]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-1-31 158856]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-16 136176]
S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]
S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2011-6-15 220528]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;C:\Windows\system32\drivers\nvstusb.sys --> C:\Windows\system32\drivers\nvstusb.sys [?]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-8-25 249936]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-02-28 19:14:23   69000   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{456C2879-3A57-4F25-A587-1761DF960BC0}\offreg.dll
2012-02-28 17:55:47   8643640   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{456C2879-3A57-4F25-A587-1761DF960BC0}\mpengine.dll
2012-02-27 20:20:58   125456   --sh--w-   C:\Users\Kiran\AppData\Local\dplayx.dll
2012-02-27 20:20:57   79888   --sh--w-   C:\Users\Kiran\AppData\Local\dplaysvr.exe
2012-02-18 12:15:21   690688   ----a-w-   C:\Windows\SysWow64\msvcrt.dll
2012-02-18 12:15:21   634880   ----a-w-   C:\Windows\System32\msvcrt.dll
2012-02-17 18:48:23   509952   ----a-w-   C:\Windows\System32\ntshrui.dll
2012-02-17 18:48:23   442880   ----a-w-   C:\Windows\SysWow64\ntshrui.dll
2012-02-17 18:10:45   515584   ----a-w-   C:\Windows\System32\timedate.cpl
2012-02-17 18:10:45   478720   ----a-w-   C:\Windows\SysWow64\timedate.cpl
2012-02-17 18:10:28   3145728   ----a-w-   C:\Windows\System32\win32k.sys
2012-02-17 18:09:32   498688   ----a-w-   C:\Windows\System32\drivers\afd.sys
2012-02-16 08:20:23   --------   d-----w-   C:\Users\Kiran\AppData\Local\Evernote
2012-02-16 08:19:47   --------   d-----w-   C:\Program Files (x86)\Evernote
2012-02-13 02:25:42   --------   d-----w-   C:\Users\Kiran\chemaxon
2012-02-12 00:14:29   --------   d-----w-   C:\Users\Kiran\AppData\Local\{032E0E8C-1B10-459D-B7CC-8D4F5E6E0FEB}
2012-02-12 00:14:16   --------   d-----w-   C:\Users\Kiran\AppData\Local\{7766FC61-E8E1-44E6-BD05-78D7722B50B1}
2012-02-09 20:13:03   159744   ----a-w-   C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-02-09 20:13:03   159744   ----a-w-   C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-02-09 20:13:03   159744   ----a-w-   C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-02-09 20:13:03   159744   ----a-w-   C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-02-09 20:13:03   159744   ----a-w-   C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-02-09 20:13:03   159744   ----a-w-   C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-02-09 20:13:03   159744   ----a-w-   C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-02-07 23:51:32   --------   d-----w-   C:\Program Files\iTunes
2012-02-07 23:51:32   --------   d-----w-   C:\Program Files\iPod
2012-02-07 23:51:32   --------   d-----w-   C:\Program Files (x86)\iTunes
2012-02-05 22:25:10   --------   d-----r-   C:\Program Files (x86)\Skype
2012-02-02 07:50:26   --------   d-----w-   C:\Users\Kiran\AppData\Local\ElevatedDiagnostics
.
==================== Find3M  ====================
.
2012-02-29 00:06:42   414368   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-08 05:12:36   87456   ----a-w-   C:\Windows\System32\LMIRfsClientNP.dll
2012-02-08 05:12:35   80768   ----a-w-   C:\Windows\System32\LMIinit.dll
2012-02-08 05:12:35   34688   ----a-w-   C:\Windows\System32\LMIport.dll
2012-01-29 13:10:42   279656   ------w-   C:\Windows\System32\MpSigStub.exe
2011-12-14 07:11:03   2308096   ----a-w-   C:\Windows\System32\jscript9.dll
2011-12-14 07:04:30   1390080   ----a-w-   C:\Windows\System32\wininet.dll
2011-12-14 07:03:38   1493504   ----a-w-   C:\Windows\System32\inetcpl.cpl
2011-12-14 06:57:28   2382848   ----a-w-   C:\Windows\System32\mshtml.tlb
2011-12-14 03:04:54   1798656   ----a-w-   C:\Windows\SysWow64\jscript9.dll
2011-12-14 02:57:18   1127424   ----a-w-   C:\Windows\SysWow64\wininet.dll
2011-12-14 02:56:58   1427456   ----a-w-   C:\Windows\SysWow64\inetcpl.cpl
2011-12-14 02:50:04   2382848   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
2011-12-10 03:45:00   60416   ----a-w-   C:\Windows\System32\drivers\iBtFltCoex.sys
2011-12-10 03:34:00   47616   ----a-w-   C:\Windows\System32\opphelper.dll
2011-12-08 02:22:48   87456   ----a-w-   C:\Windows\System32\LMIRfsClientNP.dll.000.bak
.
============= FINISH: 17:43:43.41 ===============


Attach log

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 6/22/2011 3:29:47 PM
System Uptime: 2/28/2012 3:59:49 PM (2 hours ago)
.
Motherboard: Dell Inc. |  | 0YR8NN
Processor: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz | CPU | 2001/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 684 GiB total, 619.219 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Virtual WiFi Miniport Adapter
Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&2D1DD76A&0&01
Manufacturer: Microsoft
Name: Microsoft Virtual WiFi Miniport Adapter
PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&2D1DD76A&0&01
Service: vwifimp
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Virtual WiFi Miniport Adapter
Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&2D1DD76A&0&02
Manufacturer: Microsoft
Name: Microsoft Virtual WiFi Miniport Adapter #2
PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&2D1DD76A&0&02
Service: vwifimp
.
==== System Restore Points ===================
.
RP72: 2/14/2012 8:27:20 AM - Windows Update
RP73: 2/16/2012 12:19:14 AM - Installed Evernote v. 4.5.3
RP74: 2/17/2012 10:02:59 AM - Windows Update
RP75: 2/18/2012 4:15:02 AM - Windows Update
RP76: 2/21/2012 9:02:44 AM - Windows Update
RP77: 2/24/2012 9:40:02 AM - Windows Update
RP78: 2/25/2012 12:06:00 AM - Installed Dell Stage
RP80: 2/27/2012 7:26:37 PM - Windows Defender Checkpoint
RP81: 2/28/2012 9:55:15 AM - Windows Update
.
==== Installed Programs ======================
.
AccelerometerP11
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.1.2) MUI
Advanced Audio FX Engine
Apple Application Support
Apple Software Update
BufferChm
Consumer In-Home Service Agreement
Coupon Printer for Windows
Cozi
CyberLink PowerDVD 9.6
D110
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Driver Download Manager
Dell Getting Started Guide
Dell MusicStage
Dell PhotoStage
Dell Stage
Dell VideoStage
Dell Webcam Central
Destinations
DeviceDiscovery
DirectX 9 Runtime
Double Play - Family Feud(TM) I & II
Dropbox
eBay
Evernote v. 4.5.3
Facebook Video Calling 1.1.1.1
Google Earth Plug-in
Google Update Helper
GoToAssist Corporate
GPBaseService2
HP Photo Creations
HP Update
HPAppStudio
HPDiagnosticAlert
HPPhotoGadget
HPProductAssistant
HPSSupply
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Wireless Display
Internet Explorer
Java Auto Updater
Java(TM) 6 Update 29
Junk Mail filter update
LogMeIn
MarketResearch
McAfee SecurityCenter
Mesh Runtime
Microsoft Default Manager
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Mozilla Firefox 10.0.2 (x86 en-US)
MSN Toolbar
MSN Toolbar Platform
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA Stereoscopic 3D Driver
PhotoShowExpress
PokerStars.net
PS_AIO_07_D110_SW_Min
QuickTime
QuickTransfer
Realtek High Definition Audio Driver
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
SafeConnect
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
Skype™ 5.8
SmartWebPrinting
SolutionCenter
Sonic CinePlayer Decoder Pack
Status
System Requirements Lab for Intel
Toolbox
TrayApp
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
2/26/2012 9:27:57 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR2.
2/24/2012 11:56:07 PM, Error: Server [2505]  - The server could not bind to the transport \Device\NetBT_Tcpip_{55E4C7EA-4A5B-4268-9972-B6102DF7E73A} because another computer on the network has the same name.  The server could not start.
.
==== End Of File ===========================
« Last Edit: March 05, 2012, 03:28:17 PM by kevinf80 »



Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6347
Re: [Resolved K] Google redirects to random site like search.net
« Reply #1 on: February 28, 2012, 11:04:41 PM »
Hello wazzle13 and welcome to SpywareHammer,

I'm kevinf80 and I will be helping with any malware issues you may have with your system.

  • Please be aware that some of the logs I may ask for can be very complex and can take a long time to decipher. I am a volunteer here with a job and family so I ask that you be patient when waiting for replies.
  • Please DO NOT run any scans/tools/fixes on your own as this will conflict with the tools we are going to use.
  • Either print or Save to Notepad all instructions and please follow them carefully, if there's something you don't understand or that will not work please let me know and we will go through it together.
  • Malware is often buggy and can be very unstable, with that in mind it is advisable to backup any important data before we begin. Go Here and follow the instructions specific for your operating system.
  • If you do not reply within 72 hours the thread will be closed, if you need more time let me know. Likewise if I do not respond within 48 hours feel free to PM me.
  • If you have any P2P applications installed such as BitTorrent, uTorrent, Limewire etc etc, please uninstall them before we begin.
  • If you are using Cracked or Illegal software your thread will be locked and all help will cease.

Please proceed as follows :-

Step 1

Please visit Virustotal
  • Click the Browse... button
  • Navigate to the file C:\Users\Kiran\AppData\Local\dplayx.dll
  • Click the Open button
  • Click the Send button
  • If you get a message saying File has already been analyzed: click Reanalyze file now
  • Copy and paste the results back here please.
  • Repeat the above steps for the following files

C:\Users\Kiran\AppData\Local\dplaysvr.exe

Step 2

Download aswMBR from Here
If it asks to update during the process please allow this to happen.

  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Ensure Quick scan is selected, then select Scan button to start the scan as illustrated below


Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives

   
  • Once the scan finishes click Save log to save the log to your Desktop.


   
  • Copy and paste the contents of aswMBR.txt back here for review
  • You will also notice another file created on the desktop named MBR.dat. Right-click that file and select Send To and then Compressed (zipped) file. Attach that zipped file to your next reply as well.

Let me see the results from VirusTotal and log from aswMBR in your reply..

Kevin
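
An added example, not part of the original post: a Python triage pass over DDS file-listing rows that singles out the two files named in Step 1. The heuristics (hidden+system executables inside a user profile, and Windows component names found outside the system directories) and the short `SYSTEM_NAMES` list are assumptions for illustration, not the helper's stated reasoning; the sample rows are copied from the DDS log above.

```python
import re
from ntpath import basename, splitext  # ntpath parses Windows paths on any OS

# Rows copied from the DDS "Created Last 30" and "Find3M" sections of the log above.
DDS_LINES = r"""
2012-02-28 17:55:47   8643640   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{456C2879-3A57-4F25-A587-1761DF960BC0}\mpengine.dll
2012-02-27 20:20:58   125456   --sh--w-   C:\Users\Kiran\AppData\Local\dplayx.dll
2012-02-27 20:20:57   79888   --sh--w-   C:\Users\Kiran\AppData\Local\dplaysvr.exe
2012-02-18 12:15:21   634880   ----a-w-   C:\Windows\System32\msvcrt.dll
2012-02-16 08:20:23   --------   d-----w-   C:\Users\Kiran\AppData\Local\Evernote
2012-02-09 20:13:03   159744   ----a-w-   C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-02-05 22:25:10   --------   d-----r-   C:\Program Files (x86)\Skype
2012-01-29 13:10:42   279656   ------w-   C:\Windows\System32\MpSigStub.exe
""".strip().splitlines()

# date, time, size (or dashes for a directory), 8-character attribute field, path
ROW = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2})\s+(\S+)\s+([a-z-]{8})\s+(.+)$"
)

EXECUTABLE_EXT = {".exe", ".dll", ".sys", ".scr", ".cpl"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
USER_PROFILE = re.compile(r"^[a-z]:\\users\\")

# Assumption: a small illustrative list of file names that normally live in
# the Windows system directories. A real check would use a full baseline.
SYSTEM_NAMES = {"dplayx.dll", "dplaysvr.exe", "msvcrt.dll", "svchost.exe"}


def parse_row(line):
    """Parse one DDS listing row; return None for separators and headers."""
    m = ROW.match(line.strip())
    if m is None:
        return None
    date, time, size, attrs, path = m.groups()
    return {
        "timestamp": f"{date} {time}",
        "size": int(size) if size.isdigit() else None,
        "is_dir": "d" in attrs,
        "system": "s" in attrs,
        "hidden": "h" in attrs,
        "path": path.strip(),
    }


def triage(lines):
    """Return (path, reasons) for rows that deserve a closer look."""
    findings = []
    for line in lines:
        row = parse_row(line)
        if row is None or row["is_dir"]:
            continue
        low = row["path"].lower()
        name = basename(low)
        if splitext(name)[1] not in EXECUTABLE_EXT:
            continue
        reasons = []
        # Installers rarely set both attributes on binaries in a user profile.
        if USER_PROFILE.match(low) and row["hidden"] and row["system"]:
            reasons.append("hidden+system executable in a user profile")
        # A system file name in the wrong directory suggests masquerading.
        if name in SYSTEM_NAMES and not low.startswith(SYSTEM_DIRS):
            reasons.append("Windows component name outside the system directories")
        if reasons:
            findings.append((row["path"], reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in triage(DDS_LINES):
        print(path)
        for reason in reasons:
            print("   -", reason)
```

Files flagged this way are candidates for a second opinion such as the VirusTotal upload in Step 1, not confirmed detections.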

Offline wazzle13

  • Bronze Member
  • Posts: 21
Re: [Resolved K] Google redirects to random site like search.net
« Reply #2 on: February 28, 2012, 11:45:38 PM »
To make an update, earlier today I had some troubles controlling my mouse icon, like it wasn't moving properly.

dplayx.dll results

AhnLab-V3    -    20120228
AntiVir    TR/Crypt.XPACK.Gen    20120228
Antiy-AVL    -    20120228
Avast    Win32:Trojan-gen    20120228
AVG    Agent_r.BBQ    20120229
BitDefender    Gen:Heur.Conjar.8    20120229
ByteHero    -    20120225
CAT-QuickHeal    -    20120228
ClamAV    -    20120229
Commtouch    -    20120229
Comodo    -    20120229
DrWeb    -    20120229
Emsisoft    Trojan.Win32.Cleaman!IK    20120229
eSafe    -    20120227
eTrust-Vet    Win32/Cleaman.C!generic    20120228
F-Prot    -    20120228
F-Secure    Gen:Heur.Conjar.8    20120229
Fortinet    -    20120229
GData    Gen:Heur.Conjar.8    20120229
Ikarus    Trojan.Win32.Cleaman    20120229
Jiangmin    -    20120228
K7AntiVirus    Trojan    20120228
Kaspersky    HEUR:Trojan.Win32.Generic    20120229
McAfee    Generic Downloader.ml    20120229
McAfee-GW-Edition    -    20120228
Microsoft    Trojan:Win32/Cleaman.B    20120228
NOD32    a variant of Win32/Kryptik.ABOV    20120229
Norman    W32/Krypt.DZ    20120228
nProtect    -    20120228
Panda    -    20120228
PCTools    -    20120228
Prevx    -    20120229
Rising    -    20120228
Sophos    -    20120229
SUPERAntiSpyware    -    20120229
Symantec    -    20120229
TheHacker    -    20120228
TrendMicro    -    20120228
TrendMicro-HouseCall    -    20120229
VBA32    -    20120228
VIPRE    -    20120229
ViRobot    -    20120229
VirusBuster    -

dplaysvr results

AhnLab-V3    -    20120228
AntiVir    -    20120228
Antiy-AVL    -    20120228
Avast    Win32:Dropper-gen [Drp]    20120228
AVG    Agent_r.BBR    20120229
BitDefender    Gen:Heur.Conjar.8    20120229
ByteHero    -    20120222
CAT-QuickHeal    -    20120228
ClamAV    -    20120229
Commtouch    -    20120229
Comodo    -    20120229
DrWeb    Trojan.Siggen3.46495    20120229
Emsisoft    Trojan.Win32.Cleaman!IK    20120229
eSafe    -    20120227
eTrust-Vet    Win32/Cleaman.C!generic    20120228
F-Prot    -    20120228
F-Secure    Gen:Heur.Conjar.8    20120229
Fortinet    -    20120229
GData    Gen:Heur.Conjar.8    20120229
Ikarus    Trojan.Win32.Cleaman    20120229
Jiangmin    -    20120228
K7AntiVirus    Trojan    20120228
Kaspersky    HEUR:Trojan.Win32.Generic    20120229
McAfee    -    20120229
McAfee-GW-Edition    -    20120228
Microsoft    Trojan:Win32/Cleaman.G    20120228
NOD32    a variant of Win32/Kryptik.ABOV    20120229
Norman    W32/Krypt.DZ    20120228
nProtect    -    20120228
Panda    -    20120228
PCTools    -    20120228
Prevx    -    20120229
Rising    -    20120228
Sophos    -    20120229
SUPERAntiSpyware    -    20120229
Symantec    -    20120229
TheHacker    -    20120228
TrendMicro    -    20120228
TrendMicro-HouseCall    -    20120229
VBA32    -    20120228
VIPRE    -    20120229
ViRobot    -    20120229
VirusBuster    -

aswMBR

aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-02-28 21:23:35
-----------------------------
21:23:35.273    OS Version: Windows x64 6.1.7601 Service Pack 1
21:23:35.274    Number of processors: 8 586 0x2A07
21:23:35.274    ComputerName: KIRAN-PC  UserName: Kiran
21:23:36.609    Initialize success
21:25:24.958    AVAST engine defs: 12022802
21:25:47.754    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:25:47.756    Disk 0 Vendor: WDC_WD75 01.0 Size: 715404MB BusType: 3
21:25:47.776    Disk 0 MBR read successfully
21:25:47.779    Disk 0 MBR scan
21:25:47.783    Disk 0 Windows VISTA default MBR code
21:25:47.785    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0      101 MB offset 63
21:25:47.790    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        15000 MB offset 208896
21:25:47.802    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       700301 MB offset 30928896
21:25:47.828    Disk 0 scanning C:\Windows\system32\drivers
21:26:02.881    Service scanning
21:26:20.409    Modules scanning
21:26:20.429    Disk 0 trace - called modules:
21:26:20.441    ntoskrnl.exe CLASSPNP.SYS disk.sys stdcfltn.sys ACPI.sys iaStor.sys hal.dll
21:26:20.445    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007ef2060]
21:26:20.450    3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa8007d49c50]
21:26:20.454    5 stdcfltn.sys[fffff88001b3fc52] -> nt!IofCallDriver -> [0xfffffa8006362560]
21:26:20.459    7 ACPI.sys[fffff88000ee87a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8006366050]
21:26:22.229    AVAST engine scan C:\Windows
21:26:24.876    AVAST engine scan C:\Windows\system32
21:30:05.998    AVAST engine scan C:\Windows\system32\drivers
21:30:15.148    AVAST engine scan C:\Users\Kiran
21:30:41.068    File: C:\Users\Kiran\AppData\Local\dplaysvr.exe  **INFECTED** Win32:Dropper-gen [Drp]
21:30:41.103    File: C:\Users\Kiran\AppData\Local\dplayx.dll  **INFECTED** Win32:Trojan-gen
21:31:28.436    File: C:\Users\Kiran\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ORKN079X\10[1].exe  **INFECTED** Win32:MalOb-HN [Cryp]
21:31:45.611    File: C:\Users\Kiran\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RVHMH59J\6[1].exe  **INFECTED** Win32:Dropper-gen [Drp]
21:33:16.992    File: C:\Users\Kiran\AppData\Local\Temp\FCBD.tmp  **INFECTED** Win32:MalOb-HN [Cryp]
21:38:21.967    AVAST engine scan C:\ProgramData
21:41:30.572    Scan finished successfully
21:42:01.872    Disk 0 MBR has been saved successfully to "C:\Users\Kiran\Desktop\MBR.dat"
21:42:01.880    The log file has been saved successfully to "C:\Users\Kiran\Desktop\aswMBR.txt"

The MBR.dat log will be attached as requested

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6347
Re: [Resolved K] Google redirects to random site like search.net
« Reply #3 on: February 28, 2012, 11:52:58 PM »
Thanks for the logs, run the following:

Please download Malwarebytes Anti-Malware and save it to your desktop.
Alternative D/L mirror
Alternative D/L mirror

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Let me see that log please...

Offline wazzle13

  • Bronze Member
  • Posts: 21
Re: [Resolved K] Google redirects to random site like search.net
« Reply #4 on: February 29, 2012, 12:42:39 AM »
MBAM log as requested, thanks for the help so far!!

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.29.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Kiran :: KIRAN-PC [administrator]

2/28/2012 10:30:13 PM
mbam-log-2012-02-28 (22-30-13).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 226455
Time elapsed: 5 minute(s),

Memory Processes Detected: 1
C:\Users\Kiran\AppData\Local\dplaysvr.exe (Spyware.Password) -> 1552 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dplaysvr (Spyware.Password) -> Data: C:\Users\Kiran\AppData\Local\dplaysvr.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 7
C:\Users\Kiran\AppData\Local\dplaysvr.exe (Spyware.Password) -> Delete on reboot.
C:\Users\Kiran\AppData\Local\Temp\FCBD.tmp (Trojan.Agent.PE5) -> Quarantined and deleted successfully.
C:\Windows\Temp\_ex-68.exe (Trojan.Agent.PE5) -> Quarantined and deleted successfully.
C:\Users\Kiran\Local Settings\dplaysvr.exe (Spyware.Password) -> Delete on reboot.
C:\Users\Kiran\Local Settings\Application Data\dplaysvr.exe (Spyware.Password) -> Delete on reboot.
C:\Users\Kiran\Local Settings\Temporary Internet Files\Content.IE5\ORKN079X\10[1].exe (Trojan.Agent.PE5) -> Quarantined and deleted successfully.
C:\Users\Kiran\Local Settings\Temporary Internet Files\Content.IE5\RVHMH59J\6[1].exe (Spyware.Password) -> Quarantined and deleted successfully.

(end)

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6347
Re: [Resolved K] Google redirects to random site like search.net
« Reply #5 on: February 29, 2012, 12:48:37 AM »
Re-run aswMBR and post the log, no need to attach the MBR this time. Also give an update on current issues...

Kevin

Offline wazzle13

  • Bronze Member
  • Posts: 21
Re: [Resolved K] Google redirects to random site like search.net
« Reply #6 on: February 29, 2012, 10:23:48 PM »
Currently everything seems ok, but this experience is from a short usage time from today.

aswMBR log

aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-02-29 20:02:30
-----------------------------
20:02:30.978    OS Version: Windows x64 6.1.7601 Service Pack 1
20:02:30.978    Number of processors: 8 586 0x2A07
20:02:30.978    ComputerName: KIRAN-PC  UserName: Kiran
20:02:32.283    Initialize success
20:02:40.319    AVAST engine defs: 12022802
20:02:55.596    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:02:55.612    Disk 0 Vendor: WDC_WD75 01.0 Size: 715404MB BusType: 3
20:02:55.627    Disk 0 MBR read successfully
20:02:55.643    Disk 0 MBR scan
20:02:55.659    Disk 0 Windows VISTA default MBR code
20:02:55.674    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0      101 MB offset 63
20:02:55.690    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        15000 MB offset 208896
20:02:55.721    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       700301 MB offset 30928896
20:02:55.768    Disk 0 scanning C:\Windows\system32\drivers
20:03:05.136    Service scanning
20:03:23.601    Modules scanning
20:03:23.609    Disk 0 trace - called modules:
20:03:23.635    ntoskrnl.exe CLASSPNP.SYS disk.sys stdcfltn.sys ACPI.sys iaStor.sys hal.dll
20:03:23.649    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007ef4060]
20:03:23.868    3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> [0xfffffa8007d49cb0]
20:03:23.874    5 stdcfltn.sys[fffff88001b7dc52] -> nt!IofCallDriver -> [0xfffffa8006368e40]
20:03:23.874    7 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8006367050]
20:03:25.993    AVAST engine scan C:\Windows
20:03:31.318    AVAST engine scan C:\Windows\system32
20:05:46.279    AVAST engine scan C:\Windows\system32\drivers
20:05:55.421    AVAST engine scan C:\Users\Kiran
20:06:09.090    File: C:\Users\Kiran\AppData\Local\dplayx.dll  **INFECTED** Win32:Trojan-gen
20:10:44.973    AVAST engine scan C:\ProgramData
20:13:42.241    Scan finished successfully
20:14:06.659    Disk 0 MBR has been saved successfully to "C:\Users\Kiran\Desktop\MBR.dat"
20:14:06.668    The log file has been saved successfully to "C:\Users\Kiran\Desktop\aswMBR 2.txt"



Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6347
Re: [Resolved K] Google redirects to random site like search.net
« Reply #7 on: March 01, 2012, 01:39:52 AM »
Thanks for the log and feedback, ok continue as follows:

If your security alerts to any of the following steps please accept and allow....

Step 1

Please download OTM by OldTimer.
Alternative Mirror 1
Alternative Mirror 2 
Save it to your desktop.
Double click OTM.exe to start the tool. Vista or Windows 7 users right click and select Run as Administrator. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion....
  • Copy the text from the code box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

Code:
:Files
C:\Users\Kiran\AppData\Local\dplayx.dll
ipconfig /flushdns /c
:Commands
[EmptyTemp]
[CreateRestorePoint]
[Reboot]
 
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

Step 2

Run ESET Online Scan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
  • Check
  • Click the button.
  • Accept any security warnings from your browser.
  • Check
  • Leave the tick out of remove found threats
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push
You can refer to this animation by neomage if needed.
Frequently asked questions available Here  Please read them before running the scan.

Also be aware this scan can take several hours to complete depending on the size of your system.

ESET log can be found here "C:\Program Files\ESET\EsetOnlineScanner\log.txt".

Let me see the logs from OTM and ESET, also give update on current issues or concerns....

Kevin

Offline wazzle13

  • Bronze Member
  • Posts: 21
Re: [Resolved K] Google redirects to random site like search.net
« Reply #8 on: March 02, 2012, 01:44:44 PM »
First of all thank you for your help so far and sorry for not being as prompt with a reply. The computer seems to be running fine at this time, nothing noticeable is wrong. The logs are below as requested.

Oldtimer log

All processes killed
========== FILES ==========
DllUnregisterServer procedure not found in C:\Users\Kiran\AppData\Local\dplayx.dll
C:\Users\Kiran\AppData\Local\dplayx.dll moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Kiran\Desktop\cmd.bat deleted successfully.
C:\Users\Kiran\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Kiran
->Temp folder emptied: 478716779 bytes
->Temporary Internet Files folder emptied: 191549432 bytes
->Java cache emptied: 16057632 bytes
->FireFox cache emptied: 241605453 bytes
->Google Chrome cache emptied: 8792313 bytes
->Flash cache emptied: 150428 bytes
 
User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 219621900 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 962590565 bytes
 
Total Files Cleaned = 2,021.00 mb
 
Restore point Set: OTM Restore Point
 
OTM by OldTimer - Version 3.1.19.0 log created on 03022012_094404

Files moved on Reboot...
C:\Users\Kiran\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File C:\Windows\temp\mcafee_KbjHbVXY6QFHRGW not found!

Registry entries deleted on Reboot...

Eset log

C:\_OTM\MovedFiles\03022012_094404\C_Users\Kiran\AppData\Local\dplayx.dll   a variant of Win32/Kryptik.ABOV trojan

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6347
Re: [Resolved K] Google redirects to random site like search.net
« Reply #9 on: March 02, 2012, 01:55:01 PM »
OK, No problem with replies, run the following:

Download Security Check by screen317 from HERE or HERE.
Save it to your Desktop.
Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Kevin

Offline wazzle13

  • Bronze Member
  • Posts: 21
Re: [Resolved K] Google redirects to random site like search.net
« Reply #10 on: March 02, 2012, 02:32:16 PM »
Checkup log

Results of screen317's Security Check version 0.99.31 
 Windows 7  x64 (UAC is enabled) 
 Internet Explorer 9 
``````````````````````````````
Antivirus/Firewall Check:

 Windows Firewall Enabled! 
 ESET Online Scanner v3   
 McAfee SecurityCenter     
 WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

 Java(TM) 6 Update 29 
 Java version out of date!
 Adobe Reader X (10.1.2)
 Mozilla Firefox (10.0.2)
````````````````````````````````
Process Check: 
objlist.exe by Laurent

 mcafee VirusScan mcods.exe 
``````````End of Log````````````

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6347
Re: [Resolved K] Google redirects to random site like search.net
« Reply #11 on: March 02, 2012, 02:46:02 PM »
OK run the following:

Step 1

Turn OFF your Windows Firewall, McAfee Security has its own FW, running two is counterproductive....

Step 2

  • Download OTC by OldTimer and save it to your desktop. Alternative mirror
  • Double click icon to start the program.
    If you are using Vista or Windows 7, please right-click and choose run as administrator
  • Then Click the big button.
  • You will get a prompt saying "Begining Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
  • This will remove tools we have used and itself. Any tools/logs remaining on the Desktop can be deleted.
If any of the following remain on your Desktop either delete or drag to the recycle bin:

DDS
aswMBR
aswMBR.txt
aswMBR.dat
aswMBR.zip


Step 3

Remove ESET online scanner:

  • Click Start, type Uninstall a Program into the Search programs and files box, and then press ENTER.
  • Click to select ESET Online Scanner from the listing of installed products, and then click Uninstall/Change from the bar that displays the available tasks. Uninstall ESET Online Scanner, only re-boot if prompted.

Step 4

You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version.
For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system.
The most current version of Sun Java is: Java Runtime Environment Version 6 Update 31.

  • Go to Sun Java
  • Select Windows 7/XP/Vista/2000/2003/2008. If using a 64-bit OS, select Information about the 64-bit Java plug-in and follow the prompts.
  • Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions.
  • Reboot your computer

Step 5

Create a new restore point:

   1. Right-click on Computer and go to Properties.
   2. Next click on the System Protection link.
   3. The System Properties dialog screen opens up and you will want to click on Create.
   4. Type in a description for the restore point which will help you remember the point at which it was created. Click on create.
   5. You should see the message "The restore point was created successfully."

To remove all but the most recent restore point do the following:

   1. Open Disk Cleanup by clicking the Start button. In the search box, type Disk Cleanup, and then, in the list of results, click Disk Cleanup.
   2. If prompted, select the drive that you want to clean up, and then click OK.
   3. In the Disk Cleanup for (usually C:\) dialog box, click Clean up system files. (Administrator permission required.) If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
   4. If prompted, select the drive that you want to clean up, and then click OK.
   5. Click the More Options tab, under System Restore and Shadow Copies, click Clean up.
   6. In the Disk Cleanup dialog box, click Delete.
   7. Click Delete Files, and then click OK. Re-boot your PC.

Let me know if those steps complete OK, also let me know if there are any remaining issues or concerns.

Kevin

Offline wazzle13

  • Bronze Member
  • Posts: 21
Re: [Resolved K] Google redirects to random site like search.net
« Reply #12 on: March 02, 2012, 11:59:23 PM »
Hi Kevin,

I was not able to disable the firewall because when I tried it said it was being managed by McAfee. Also, I was not able to do step 2 because each time I tried McAfee would say a trojan was quarantined. I did not proceed past that step because I didn't want to mess something up. Hopefully this issue can get resolved.

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6347
Re: [Resolved K] Google redirects to random site like search.net
« Reply #13 on: March 03, 2012, 01:53:45 AM »
McAfee Security Center has its own Firewall, normally it will turn OFF Windows FW, I've never come across a situation where it keeps it running.
Try uninstalling/reinstalling McAfee and see if that cures the problem. If that does not work, re-boot into Safe Mode > select Start > type services.msc into the search box and tap Enter. In the new window scroll to Windows Firewall, right click on that entry and select "Properties". In the new window select "Stop", then use the drop down at "Startup type" and set that to Disabled.

Regarding OTC, this is very safe and only removes tools we have used and itself. Run again, if McAfee alerts to it just accept the alert and allow it to run.

If McAfee does not give the option to let OTC run, use OTM if it is still on your Desktop:

  • Double-click OTM.exe to run it. Windows 7 or Vista users right click and select "Run as Administrator"
  • While connected to the Internet, Click on the green CleanUp! button and it will populate a list of items to clean from your system that we used or may have used.
  • It should ask if you want to clean up, select Yes and allow the system to clean up these items.

NOW please reboot your computer to finish the cleanup process.

Complete the rest of the steps,

Kevin

Offline wazzle13

  • Bronze Member
  • Posts: 21
Re: [Resolved K] Google redirects to random site like search.net
« Reply #14 on: March 03, 2012, 12:59:50 PM »
Hi Kevin,

The thing with my McAfee is that it came with my laptop so if I were to uninstall it, I wouldn't have a way to reinstall it. For a more complete description of what it says when I try to turn off the firewall, it says these settings are being managed by vendor application McAfee Personal Firewall. Also, McAfee wouldn't allow me to run OTC so I used OTM as instructed and also completed the rest of the steps. I hope this concludes our battle over whatever infected my computer! Thank you very much for all the help and technical knowledge you provided.