froswire removal from my PC

I downloaded frostwire to my computer, and I realised my computer has slowed down, I uninstalled it, but still having same problems, can anyone please help.

Hello and welcome to GeekPolice.Net My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*****************************************************************
SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

Download SuperAntispyware Free Edition (SAS)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:

•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
•Please leave the others unchecked

•Click the Close button to leave the control center screen.

* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes

•To retrieve the removal information please do the following:
•After reboot, double-click the SUPERAntiSpyware icon on your desktop.
•Click Preferences. Click the Statistics/Logs tab.

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

•It will open in your default text editor (preferably Notepad).
•Save the notepad file to your desktop by clicking (in notepad) File > Save As...

* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
*Copy and Paste the log in your post.
*********************************************
Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Full Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  
• Please save the log to a location you will remember.
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy and paste the entire report in your next reply.
  

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
*************************************************
Download DDS from HERE or HERE and save it to your desktop.

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.
* Save both reports to your desktop.
* The instructions here ask you to attach the Attach.txt.



1) DDS.txt
2) Attach.txt
Instead of attaching, please copy/past both logs into your Thread

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copying and pasting it into the reply.

•Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE .Then post your DDS logs. (DDS.txt and Attach.txt )

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/22/2012 at 09:53 PM

Application Version : 5.0.1146

Core Rules Database Version : 8363
Trace Rules Database Version: 6175

Scan type : Complete Scan
Total Scan Time : 02:52:36

Operating System Information
Windows 7 Professional 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 699
Memory threats detected : 0
Registry items scanned : 34216
Registry threats detected : 0
File items scanned : 194360
File threats detected : 31

Adware.Tracking Cookie
C:\USERS\CAMERON\AppData\Roaming\Microsoft\Windows\Cookies\Low\T27D044B.txt [ Cookie:cameron@adform.net/ ]
C:\USERS\CAMERON\AppData\Roaming\Microsoft\Windows\Cookies\Low\YF3UNEH4.txt [ Cookie:cameron@accounts.google.com/ ]
C:\USERS\CAMERON\AppData\Roaming\Microsoft\Windows\Cookies\Low\SOB2G2WB.txt [ Cookie:cameron@track.adform.net/ ]
C:\USERS\CAMERON\AppData\Roaming\Microsoft\Windows\Cookies\Low\Z6M7QQJT.txt [ Cookie:cameron@invitemedia.com/ ]
C:\USERS\CAMERON\AppData\Roaming\Microsoft\Windows\Cookies\Low\KL636RXD.txt [ Cookie:cameron@www.google.co.uk/accounts ]
C:\USERS\CAMERON\AppData\Roaming\Microsoft\Windows\Cookies\Low\SUNTPMWT.txt [ Cookie:cameron@interclick.com/ ]
C:\USERS\CAMERON\AppData\Roaming\Microsoft\Windows\Cookies\Low\WSMMYHFY.txt [ Cookie:cameron@media6degrees.com/ ]
C:\USERS\CAMERON\AppData\Roaming\Microsoft\Windows\Cookies\Low\5PRB0YCU.txt [ Cookie:cameron@adbrite.com/ ]
C:\USERS\CAMERON\AppData\Roaming\Microsoft\Windows\Cookies\Low\N5TEDS17.txt [ Cookie:cameron@ar.atwola.com/ ]
C:\USERS\CAMERON\AppData\Roaming\Microsoft\Windows\Cookies\Low\DN2JTN2C.txt [ Cookie:cameron@imrworldwide.com/cgi-bin ]
C:\USERS\CAMERON\AppData\Roaming\Microsoft\Windows\Cookies\Low\MXUYESDP.txt [ Cookie:cameron@virginmedia.com/ ]
C:\USERS\CAMERON\AppData\Roaming\Microsoft\Windows\Cookies\Low\XE4VOK0G.txt [ Cookie:cameron@collective-media.net/ ]
C:\USERS\CAMERON\AppData\Roaming\Microsoft\Windows\Cookies\Low\5BFW3CW2.txt [ Cookie:cameron@weborama.fr/ ]
C:\USERS\CAMERON\AppData\Roaming\Microsoft\Windows\Cookies\Low\2IVUWVO3.txt [ Cookie:cameron@atdmt.com/ ]
C:\USERS\CAMERON\AppData\Roaming\Microsoft\Windows\Cookies\Low\Y8RIXSTJ.txt [ Cookie:cameron@accounts.youtube.com/accounts ]
C:\USERS\CAMERON\AppData\Roaming\Microsoft\Windows\Cookies\Low\BNR0L69O.txt [ Cookie:cameron@112.2o7.net/ ]
C:\USERS\CAMERON\AppData\Roaming\Microsoft\Windows\Cookies\Low\UO0WKVE4.txt [ Cookie:cameron@advertising.com/ ]
C:\USERS\CAMERON\AppData\Roaming\Microsoft\Windows\Cookies\Low\Y50O84LK.txt [ Cookie:cameron@doubleclick.net/ ]
C:\USERS\CAMERON\AppData\Roaming\Microsoft\Windows\Cookies\Low\N6YMTTNH.txt [ Cookie:cameron@tribalfusion.com/ ]
C:\USERS\CAMERON\AppData\Roaming\Microsoft\Windows\Cookies\Low\ENPB5S3G.txt [ Cookie:cameron@revsci.net/ ]
C:\USERS\CAMERON\AppData\Roaming\Microsoft\Windows\Cookies\Low\BRDLUDUE.txt [ Cookie:cameron@baa.solution.weborama.fr/ ]
C:\USERS\CAMERON\AppData\Roaming\Microsoft\Windows\Cookies\Low\KKYH5WFB.txt [ Cookie:cameron@tacoda.at.atwola.com/ ]
C:\USERS\CAMERON\AppData\Roaming\Microsoft\Windows\Cookies\Low\XM6LHO2J.txt [ Cookie:cameron@ru4.com/ ]
C:\USERS\CAMERON\AppData\Roaming\Microsoft\Windows\Cookies\Low\9EJKRZ7L.txt [ Cookie:cameron@questionmarket.com/ ]
account.goodgamestudios.com [ C:\WINDOWS.OLD\USERS\CAMERON\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\3DC5LV8F ]
serving-sys.com [ C:\WINDOWS.OLD\USERS\CAMERON\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\3DC5LV8F ]
spe.atdmt.com [ C:\WINDOWS.OLD\USERS\CAMERON\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\3DC5LV8F ]
tracking.onefeed.co.uk [ C:\WINDOWS.OLD\USERS\CAMERON\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\3DC5LV8F ]
C:\WINDOWS.OLD\USERS\CAMERON\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CAMERON@APMEBF[1].TXT [ /APMEBF ]
C:\WINDOWS.OLD\USERS\CAMERON\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CAMERON@IMRWORLDWIDE[2].TXT [ /IMRWORLDWIDE ]
C:\WINDOWS.OLD\USERS\CAMERON\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CAMERON@MSNPORTAL.112.2O7[1].TXT [ /MSNPORTAL.112.2O7 ]

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.22.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Cameron :: CAMERON-PC [administrator]

Protection: Enabled

22/03/2012 18:57:47
mbam-log-2012-03-22 (18-57-47).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 393910
Time elapsed: 3 hour(s), 18 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

2012/03/22 18:57:23 GMT CAMERON-PC Cameron MESSAGE Starting protection
2012/03/22 18:57:31 GMT CAMERON-PC Cameron MESSAGE Protection started successfully
2012/03/22 18:57:34 GMT CAMERON-PC Cameron MESSAGE Starting IP protection
2012/03/22 18:57:37 GMT CAMERON-PC Cameron MESSAGE IP Protection started successfully
2012/03/22 22:50:53 GMT CAMERON-PC Cameron MESSAGE Executing scheduled update: Daily
2012/03/22 22:51:10 GMT CAMERON-PC Cameron MESSAGE Database already up-to-date

2012/03/23 10:31:52 GMT CAMERON-PC Cameron MESSAGE Starting protection
2012/03/23 10:32:03 GMT CAMERON-PC Cameron MESSAGE Protection started successfully
2012/03/23 10:32:06 GMT CAMERON-PC Cameron MESSAGE Starting IP protection
2012/03/23 10:32:09 GMT CAMERON-PC Cameron MESSAGE IP Protection started successfully

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Cameron at 17:44:15 on 2012-03-23
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3582.2528 [GMT 0:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\FUSServices.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\O2 Assistant\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\rundll32.exe
C:\Program Files\O2 Assistant\bin\tgsrvc.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Windows\system32\LFOGRPOW.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Companion Suite Pro LL2\MFFSUM.exe
C:\Program Files\Companion Suite Pro LL2\MFPrintServer.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Companion Suite Pro LL2\MFServices.exe
C:\Program Files\O2 Assistant\bin\sprtcmd.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil11f_ActiveX.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~1\office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120314112459.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~1\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [MFFSum_Pro_LL2] "c:\program files\companion suite pro ll2\MFFSUM.exe"
mRun: [MFPrintServer_Pro_LL2] "c:\program files\companion suite pro ll2\MFPrintServer.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\programdata\scansoft\paperport\11\config\ereg\Ereg.ini
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [O2DA] "c:\program files\o2 assistant\bin\sprtcmd.exe" /P O2DA
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{34BE12D7-652E-4F7D-997F-84353D445904} : DhcpNameServer = 192.168.1.254
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~1\office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-10-15 464176]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2012-3-14 64880]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-3-14 165680]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 FUSServices;Session Launcher Service;c:\windows\system32\FUSServices.exe [2009-10-16 10752]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-3-22 652360]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-3-14 214904]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-3-14 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-3-14 214904]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-3-14 214904]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2012-3-14 166288]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2012-3-14 160608]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-3-14 150856]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-3-21 1153368]
R2 sprtsvc_O2DA;SupportSoft Sprocket Service (O2DA);c:\program files\o2 assistant\bin\sprtsvc.exe [2010-4-23 206120]
R2 tgsrvc_O2DA;SupportSoft Repair Service (O2DA);c:\program files\o2 assistant\bin\tgsrvc.exe [2010-4-23 185640]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-3-14 57600]
R3 FaxLffv2;Companion Suite Pro LL2 Modem Driver;c:\windows\system32\drivers\FaxLffv2.sys [2011-12-11 18944]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-3-22 20464]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2012-3-14 180816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2012-3-14 59456]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-3-14 338176]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
R3 XMLDIUSB;XML USB Device Interface;c:\windows\system32\drivers\XMLDIUSB.sys [2008-1-16 33152]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 ExpressInvoiceService;Express Invoice;c:\program files\nch software\expressinvoice\expressinvoice.exe [2012-2-20 1987588]
S3 InventoriaService;Inventoria Stock Manager;c:\program files\nch software\inventoria\inventoria.exe [2012-2-20 1558532]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-3-14 87656]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-1-21 30963576]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2011-8-17 137472]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-12-11 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-12-11 1343400]
.
=============== Created Last 30 ================
.
2012-03-22 18:56:11 -------- d-----w- c:\users\cameron\appdata\roaming\Malwarebytes
2012-03-22 18:55:47 -------- d-----w- c:\programdata\Malwarebytes
2012-03-22 18:55:44 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-22 18:55:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-22 16:02:57 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-21 20:40:11 -------- d-----w- c:\users\cameron\appdata\roaming\SUPERAntiSpyware.com
2012-03-21 20:39:22 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-03-21 20:39:22 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-21 17:32:12 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-03-21 17:32:12 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-03-21 14:24:04 -------- d-----w- C:\95465cf8243a2bba2772c6019f5f
2012-03-16 17:08:08 -------- d-----w- c:\users\cameron\FrostWire
2012-03-16 17:08:03 -------- d-----w- c:\users\cameron\.frostwire5
2012-03-14 21:12:05 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-14 21:12:05 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 11:24:58 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-03-14 11:24:14 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-03-14 11:24:14 64880 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2012-03-14 11:24:14 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2012-03-14 11:24:14 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-03-14 11:24:14 338176 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-03-14 11:24:14 180816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-03-14 11:24:14 165680 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2012-03-14 11:24:03 -------- d-----w- c:\program files\common files\Mcafee
2012-03-14 11:24:02 -------- d-----w- c:\program files\McAfee.com
2012-03-14 11:23:59 -------- d-----w- c:\program files\McAfee
2012-03-14 11:15:16 150856 ----a-w- c:\windows\system32\mfevtps.exe
2012-03-14 10:52:45 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 10:52:42 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 10:51:54 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 10:51:54 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 10:51:53 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 10:51:51 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 10:51:51 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-14 10:51:50 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-02 11:13:00 -------- d-----w- c:\users\cameron\appdata\local\Diagnostics
2012-02-29 21:44:47 -------- d-----w- c:\program files\FritzTV
2012-02-27 19:50:09 -------- d-----w- c:\program files\Uconomix
.
==================== Find3M ====================
.
2012-02-23 11:29:40 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-04 08:58:41 442880 ----a-w- c:\windows\system32\ntshrui.dll
2011-12-30 05:27:56 478720 ----a-w- c:\windows\system32\timedate.cpl
.
============= FINISH: 17:53:17.15 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/12/2011 21:33:33
System Uptime: 23/03/2012 10:41:44 (7 hours ago)
.
Motherboard: Dell Inc. | | 0YC523
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 233 GiB total, 179.56 GiB free.
D: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is FIXED (NTFS) - 932 GiB total, 892.885 GiB free.
Z: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP26: 17/02/2012 17:01:40 - Windows Update
RP27: 20/02/2012 11:21:46 - Windows Backup
RP28: 27/02/2012 11:08:53 - Windows Backup
RP29: 27/02/2012 19:49:28 - Installed uMark Lite 2.0
RP30: 05/03/2012 09:37:24 - Windows Backup
RP31: 08/03/2012 21:43:20 - Installed Java(TM) 6 Update 31
RP32: 12/03/2012 15:30:33 - Windows Backup
RP33: 14/03/2012 21:11:34 - Windows Update
RP34: 19/03/2012 10:53:07 - Windows Backup
RP35: 21/03/2012 14:22:23 - Windows Update
RP36: 22/03/2012 15:48:49 - Removed J2SE Runtime Environment 5.0 Update 17
RP37: 22/03/2012 15:50:31 - Removed Java(TM) 6 Update 31
RP38: 22/03/2012 16:01:12 - Installed Java(TM) 6 Update 31
RP39: 22/03/2012 16:07:31 - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Photoshop Elements
Adobe Reader X (10.1.2)
Adobe SVG Viewer
Companion Suite Pro LL2
Companion Suite Pro LL2 Drivers
DHTML Editing Component
Express Invoice
Intel(R) 537EP V9x DF PCI Modem
Inventoria Stock Manager
Java Auto Updater
Java(TM) 6 Update 31
Malwarebytes Anti-Malware version 1.60.1.1000
McAfee Internet Security
Microsoft .NET Framework 4 Client Profile
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office FrontPage 2003
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My O2
Nokia Connectivity Cable Driver
ScanSoft PaperPort 11
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Spybot - Search & Destroy
SUPERAntiSpyware
Turbo Lister 2
uMark Lite 2.0
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
.
==== Event Viewer Messages From Past Week ========
.
22/03/2012 18:35:11, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
.
==== End Of File ===========================

Please go to Jotti's malware scan
(If more than one file needs scanned they must be done separately and links posted for each one)

* Copy the file path in the below Code box:



* At the upload site, click once inside the window next to Browse.
* Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
* Next click Submit file
* Your file will possibly be entered into a queue which normally takes less than a minute to clear.
* This will perform a scan across multiple different virus scanning engines.
* Important: Wait for all of the scanning engines to complete.
* Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.
**********************************************************
Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3

To prevent your anti-virus application interfering with ComboFix we need to disable it. See [URL="herehttp://www.pchelpforum.com/anti-virus/110194-how-disable-your-security-applications.html"]here[/URL[/url]] for a tutorial regarding how to do so if you are unsure.

• Close any open windows and double click ComboFix.exe to run it.
  
  You will see the following image:
  

Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:



As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.



Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.