MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
Topic: Possible virus. McAfee won't open, screen errors.
kernow89
« on: May 09, 2013, 02:58:02 AM »

My daughter is getting an error popping up when she logs on, not in the admin account though. I am unable to get McAfee to open. I saw what looked like McAfee SiteAdvisor open but it was just the white box and would only close after opening the Task Manager and trying multiple times to close.
Also the screen occasionally goes blank, then after about 1 minute you press the Windows button and it recovers. I have checked Gateway for any more current drivers, no fix that I can find.
Pancake
« Reply #1 on: May 09, 2013, 10:12:38 PM »



Download ComboFix from any of the links below, and save it to your desktop.
Link 1
Link 2
When saving ComboFix rename it to PCHelpForum.exe to prevent it from being blocked by malware.
 
Refer to this image:
To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.
  • Close any open windows and double click PCHelpForum.exe to run it.
    You will see the following image:

 
Click I Agree to start the program.
ComboFix will then extract the necessary files and you will see this:
 

 
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.
It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
If you did not have it installed, you will see the prompt below. Choose YES.
 

 
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
 

 
Click on Yes, to continue scanning for malware.
When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.
Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.
kernow89
« Reply #2 on: May 10, 2013, 01:12:27 AM »

ComboFix 13-05-09.01 - kim 05/09/2013  20:18:43.1.4 - x64
Running from: c:\users\kim\Desktop\PCHelpForum.exe
 * Resident AV is active
.
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\facemoods.com
c:\program files (x86)\facemoods.com\facemoods\1.4.17.8\bh\facemoods.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.8\facemoods.crx
c:\program files (x86)\facemoods.com\facemoods\1.4.17.8\facemoods.png
c:\program files (x86)\facemoods.com\facemoods\1.4.17.8\facemoodsApp.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.8\facemoodsEng.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.8\facemoodssrv.exe
c:\program files (x86)\facemoods.com\facemoods\1.4.17.8\facemoodsTlbr.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.8\uninstall.exe
c:\program files (x86)\facemoods.com\sqlite3.dll
c:\program files (x86)\RewardsArcade
c:\program files (x86)\RewardsArcade\appAPIinternalWrapper.js
c:\program files (x86)\RewardsArcade\fb.js
c:\program files (x86)\RewardsArcade\jquery.js
c:\program files (x86)\RewardsArcade\json.js
c:\program files (x86)\RewardsArcade\RewardsArcade.dll
c:\program files (x86)\RewardsArcade\RewardsArcade.exe
c:\program files (x86)\RewardsArcade\Uninstall.exe
c:\program files (x86)\RewardsArcade\UserConfirmation.exe
c:\programdata\SPL2DB5.tmp
c:\programdata\SPL350F.tmp
c:\programdata\SPL55AE.tmp
c:\programdata\SPL8DC9.tmp
c:\programdata\SPL95F8.tmp
c:\programdata\SPL9A5C.tmp
c:\programdata\SPLA257.tmp
c:\programdata\SPLB4BE.tmp
c:\programdata\SPLC02.tmp
c:\programdata\SPLCF8E.tmp
c:\programdata\SPLDAA6.tmp
c:\programdata\SPLEB97.tmp
c:\programdata\SPLF28B.tmp
c:\users\Kim new\AppData\Roaming\Skype
c:\users\Kim new\AppData\Roaming\Skype\shared.lck
c:\users\Kim new\AppData\Roaming\Skype\shared.xml
.
.
(((((((((((((((((((((((((   Files Created from 2013-04-10 to 2013-05-10  )))))))))))))))))))))))))))))))
.
.
2013-05-10 00:30 . 2013-05-10 00:30   --------   d-----w-   c:\users\Default\AppData\Local\temp
2013-05-10 00:30 . 2013-05-10 00:30   --------   d-----w-   c:\users\Kim new\AppData\Local\temp
2013-05-09 00:51 . 2013-05-09 00:51   --------   d-----w-   c:\program files (x86)\Common Files\Java
2013-05-09 00:50 . 2013-05-09 00:50   95648   ----a-w-   c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-05-09 00:50 . 2013-05-09 00:50   --------   d-----w-   c:\program files (x86)\Java
2013-04-24 23:46 . 2013-04-12 14:45   1656680   ----a-w-   c:\windows\system32\drivers\ntfs.sys
2013-04-14 16:58 . 2013-02-21 10:14   19230208   ----a-w-   c:\windows\system32\mshtml.dll
2013-04-10 19:30 . 2013-02-15 06:06   3717632   ----a-w-   c:\windows\system32\mstscax.dll
2013-04-10 19:30 . 2013-02-15 04:37   3217408   ----a-w-   c:\windows\SysWow64\mstscax.dll
2013-04-10 19:30 . 2013-02-15 06:02   158720   ----a-w-   c:\windows\system32\aaclient.dll
2013-04-10 19:30 . 2013-02-15 04:34   131584   ----a-w-   c:\windows\SysWow64\aaclient.dll
2013-04-10 19:30 . 2013-02-15 06:08   44032   ----a-w-   c:\windows\system32\tsgqec.dll
2013-04-10 19:30 . 2013-02-15 03:25   36864   ----a-w-   c:\windows\SysWow64\tsgqec.dll
2013-04-10 19:30 . 2013-03-01 03:36   3153408   ----a-w-   c:\windows\system32\win32k.sys
2013-04-10 19:30 . 2013-01-24 06:01   223752   ----a-w-   c:\windows\system32\drivers\fvevol.sys
2013-04-10 19:30 . 2013-03-19 06:04   5550424   ----a-w-   c:\windows\system32\ntoskrnl.exe
2013-04-10 19:30 . 2013-03-19 05:04   3913560   ----a-w-   c:\windows\SysWow64\ntoskrnl.exe
2013-04-10 19:29 . 2013-03-19 05:04   3968856   ----a-w-   c:\windows\SysWow64\ntkrnlpa.exe
2013-04-10 19:29 . 2013-03-19 03:06   112640   ----a-w-   c:\windows\system32\smss.exe
2013-04-10 19:29 . 2013-03-19 05:46   43520   ----a-w-   c:\windows\system32\csrsrv.dll
2013-04-10 19:29 . 2013-03-19 04:47   6656   ----a-w-   c:\windows\SysWow64\apisetschema.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"LaunchList"="c:\program files (x86)\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 145496]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" [2010-06-28 258304]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-29 98304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952]
"VideoWebCamera"="c:\program files (x86)\VideoWebCamera\VideoWebCamera.exe" [2010-10-25 1655544]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-03-13 1532992]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxeaserv.exe [2009-04-24 33960]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2012-09-29 75928]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2013-02-19 106552]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-04-13 45432]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-06-17 246376]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-27 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2013-02-19 340216]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-03-29 202752]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-10 321104]
S2 ePowerSvc;Acer ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [2010-06-11 868896]
S2 FlipShareServer;FlipShare Server;c:\program files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2011-05-06 1085440]
S2 GREGService;GREGService;c:\program files (x86)\Gateway\Registration\GREGsvc.exe [2010-01-08 23584]
S2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe [2009-04-24 1032360]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [2013-03-04 120592]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2013-02-19 218760]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2013-02-19 182752]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2010-06-28 255744]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2010-01-29 243232]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2013-02-19 70112]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-05-15 384040]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2013-02-19 515968]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 21:34   451872   ----a-w-   c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-11 20:50   1642448   ----a-w-   c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-14 03:50]
.
2013-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-11 23:34]
.
2013-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-11 23:34]
.
2013-05-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3804868012-1307550806-808368239-1000Core.job
- c:\users\kim\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-13 02:11]
.
2013-05-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3804868012-1307550806-808368239-1000UA.job
- c:\users\kim\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-13 02:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-09-21 11444840]
"Acer ePower Management"="c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2010-06-11 861216]
"lxeamon.exe"="c:\program files (x86)\Lexmark S300-S400 Series\lxeamon.exe" [2009-04-29 766632]
"EzPrint"="c:\program files (x86)\Lexmark S300-S400 Series\ezprint.exe" [2009-04-29 139944]
"Corel Photo Downloader"="c:\program files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-09-12 531272]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/?mtmhp=1
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearchAssistant = hxxp://start.facemoods.com/?a=wbst&s={searchTerms}&f=4
IE: Download with &Shareaza - c:\program files (x86)\Shareaza\RazaWebHook32.dll/3000
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{597A9974-8CB0-4f41-B61F-ED065738A397} - c:\program files (x86)\RewardsArcade\RewardsArcade.dll
BHO-{64182481-4F71-486b-A045-B233BD0DA8FC} - c:\program files (x86)\facemoods.com\facemoods\1.4.17.8\bh\facemoods.dll
Toolbar-Locked - (no file)
Toolbar-{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - c:\program files (x86)\facemoods.com\facemoods\1.4.17.8\facemoodsTlbr.dll
Wow6432Node-HKLM-Run-facemoods - c:\program files (x86)\facemoods.com\facemoods\1.4.17.8\facemoodssrv.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-facemoods - c:\program files (x86)\facemoods.com\facemoods\1.4.17.8\uninstall.exe
AddRemove-RewardsArcade - c:\program files (x86)\RewardsArcade\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
.
Completion time: 2013-05-09  20:36:37
ComboFix-quarantined-files.txt  2013-05-10 00:36
.
Pre-Run: 533,640,970,240 bytes free
Post-Run: 537,568,387,072 bytes free
.
- - End Of File - - 83A6F1E05E1F246A4B9C0D2106EF14C0
kernow89
« Reply #3 on: May 10, 2013, 01:14:26 AM »

BTW, I was not able to stop the McAfee as I was not able to launch/open it. I did not think to stop the process.
Pancake
« Reply #4 on: May 10, 2013, 01:34:10 AM »

BTW, I was not able to stop the McAfee as I was not able to launch/open it. I did not think to stop the process.

Ok. That's fine. Just one last scan.


Please download Malwarebytes Anti-Malware from Malwarebytes.org
Alternate link: Download Mirror
 
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)
 
Double Click mbam-setup.exe to install the application.
 
(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this will cause the infection to still be active on the computer.
Please save the log to a location you will remember.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
Copy and paste the entire report in your next reply.
If Malwarebytes fails to download please use the following link:
 
http://malwarebytes.org/mbam-download-exe-random.php
kernow89
« Reply #5 on: May 11, 2013, 03:35:25 AM »

You were right, it did take a long time to run. Here are the results.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.10.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
kim :: KIM-PC [administrator]

5/10/2013 8:18:17 PM
mbam-log-2013-05-10 (20-18-17).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 508421
Time elapsed: 2 hour(s), 11 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCR\CLSID\{597A9974-8CB0-4f41-B61F-ED065738A397} (PUP.RewardsArcade) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{597A9974-8CB0-4F41-B61F-ED065738A397} (PUP.RewardsArcade) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 28

Files Detected: 78

(end)
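
Added example (not part of the original thread and not Malwarebytes code): a Python triage script for a text log in the format posted above. It tallies detections per family, flags any entry whose outcome is not "Quarantined and deleted successfully.", and reports sections whose entry count differs from the header, which indicates an incomplete paste. The sample log and the names in it are constructed.

```python
import re
from collections import Counter

# Section header, e.g. "Registry Keys Detected: 2"
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+) Detected: (?P<count>\d+)$")
# Detection entry, e.g. "C:\path\file (PUP.Family) -> <outcome>".
# The object part is non-greedy so paths such as "Program Files (x86)" parse correctly.
ENTRY_RE = re.compile(r"^(?P<object>.+?) \((?P<family>[^()]+)\) -> ")
# The only outcome string that appears in the log on this page.
CLEAN_ACTION = "Quarantined and deleted successfully."


def triage_mbam_log(text):
    """Summarise a scan log: counts, families, unresolved items, truncated sections."""
    declared = {}        # section name -> count stated in its header
    found = Counter()    # section name -> entries actually present
    families = Counter()
    unresolved = []      # (section, object, family, outcome)
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
            declared[section] = int(header.group("count"))
            continue
        if section is None:
            continue  # still in the log preamble
        entry = ENTRY_RE.match(line)
        if not entry:
            continue  # blank line, "(No malicious items detected)", "(end)"
        # The text after the last "->" is the outcome of the removal step.
        outcome = line.rsplit(" -> ", 1)[1]
        found[section] += 1
        families[entry.group("family")] += 1
        if outcome != CLEAN_ACTION:
            unresolved.append((section, entry.group("object"),
                               entry.group("family"), outcome))
    truncated = {s: (declared[s], found[s])
                 for s in declared if declared[s] != found[s]}
    return {"declared": declared, "families": dict(families),
            "unresolved": unresolved, "truncated_sections": truncated}


# Constructed sample: one entry left unremediated, and one folder line
# missing from a section that declares two.
SAMPLE_LOG = r"""
Scan type: Full scan (C:\|)
Objects scanned: 1234

Memory Processes Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCR\CLSID\{00000000-0000-0000-0000-000000000000} (PUP.Example) -> Quarantined and deleted successfully.

Folders Detected: 2
C:\Users\sample\AppData\Local\ExampleToolbar (PUP.Example) -> Quarantined and deleted successfully.

Files Detected: 2
C:\Program Files (x86)\ExampleToolbar\helper.dll (PUP.Example) -> Quarantined and deleted successfully.
C:\Users\sample\AppData\Local\Temp\setup.exe (Trojan.Example) -> No action taken.

(end)
"""

if __name__ == "__main__":
    summary = triage_mbam_log(SAMPLE_LOG)
    print("Families:", summary["families"])
    for section, obj, family, outcome in summary["unresolved"]:
        print(f"REVIEW [{section}] {family}: {obj} -> {outcome}")
    for section, (stated, seen) in summary["truncated_sections"].items():
        print(f"INCOMPLETE [{section}] header says {stated}, log contains {seen}")
```
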
Pancake
« Reply #6 on: May 11, 2013, 05:28:55 AM »

 
Ok. All done. Log looks good!
 
You can now uninstall ComboFix
 
  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall

 
(Note: Make sure there's a space between the word ComboFix and the forward-slash.)
 
  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.

Over the course of the fix you've used a variety of special tools to help with the cleaning process - none of these are of any use to you now that you're clean, and it's best not to have them hanging around on your computer. OTC is a small program that removes all the leftover tools and logs from cleanup of malware.
 
Please download OTC to your desktop.
 
Double-click OTC to run it. (Vista users, please right click on OTC and select "Run as an Administrator")
Click on the CleanUp! button and follow the prompts.
You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.


Here are some tips to reduce the potential for malware infection in the future; I strongly suggest that you read them and take them to heart so that you don't have to endure the process of cleaning your computer again.
Afterwork'
Malware Prevention
How Did I Get Infected
More Tips on Prevention
kernow89
« Reply #7 on: May 11, 2013, 04:54:01 PM »

Thx for your assistance in this issue, one last thing. I am still not able to launch McAfee, it brings up a large white box that is the correct size when you launch it, but you are not able to see any of the info inside. With everything being clean on this PC now, is it in my best interest to uninstall and re-install this program at this point?

Just looking for your professional opinion.
kernow89
« Reply #8 on: May 11, 2013, 05:26:47 PM »

I also noticed that Skype has a similar issue. It opens with a good screen where the toolbars are available to click, but no information inside the blue screen. I attempted to uninstall and re-install with a newer version, but it failed with the same results.
Obviously I am not looking for support on the individual programs, but I see a trend where some programs are not opening correctly and when uninstalled and re-installed I am getting the same result.
Pancake
« Reply #9 on: May 11, 2013, 10:25:55 PM »

Ok. Looking back through the logs I can't see what would cause that problem. I can only suggest that you do a System Restore by going back about a week.
BrideLide
« Reply #10 on: March 30, 2018, 07:06:05 PM »

In the past, I've used Norton, McAfee, AntiVir Personal Edition, Avast Home Edition, Grisoft's AVG, InoculateIT, and Inoculan. My all-time favorite was InoculateIT, but it stopped being freeware. My second favorite, and the one that I use now, is Grisoft's AVG.