0

Hi, I was having a problem with my new Dell computer making clicking noises so I called Dell Tec support. He took controll of my computer and ran some checks then told me I had Spyware that had to be removed. Wanted to charge me a high price to do it. My husband is disabled and I have to take care of him. My computer is my life line but I can't afford the high price for them to delete and reinstall files. So here I am asking for help to find out if I really have Spyware and what to do.
I have McAfee is this the best Anti-Virus to have?
I also have Super Anti-Spyware inatalled and ran a scan and it keeps telling me I have
C:\Users\Frances\AppData\Roming\Microsoft\Windows\Cookies
there is a different number of them every time I scan and it always tells me to reboot to remove them but after the reboot when I run a scan they are still there. I tried to uninstall Super Anti-spyware so I could reinstall it just incase there was a problem with it and I could not uninstall it.
I was also wondering if it is safe to have Spyware Blaster with my McAfee. I have it on my laptop but all I have on it is Avast. The McAfee came on my Dell free for a year. I had put the Spyware Blaster on the Dell desktop but McAfee told me to remove it that it would cause problems. I really would like to protect my computer as much as possible but don't want to cause conflicts.

I read and followed the Post as best I could I am not very computer savy. This is what I have, Ran ATF cleaner then GMER and got a message" GMER hasn't found any system modifications" the logs were blank so not sure if I did it right. The only boxes I could check were Services, Registry, Files and C:\ the others were light and would not let me check them.

MBA log:
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7006

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

7/2/2011 9:37:29 PM
mbam-log-2011-07-02 (21-37-29).txt

Scan type: Full scan (C:\|)
Objects scanned: 295614
Time elapsed: 20 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Is trhis a program that needs to be purchased? At the bottom it said to purchase a key.

DDS log:
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Frances at 21:42:11 on 2011-07-02
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.2574 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\system32\mfevtps.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10t_ActiveX.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwag.dll
mURLSearchHooks: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwag.dll
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110512125052.dll
BHO: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwag.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwag.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
{555d4d79-4bd2-4094-a395-cfc534424a05}
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{3DCE3A66-67B5-4F25-8080-51526A209FBC} : DhcpNameServer = 192.168.1.254
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
BHO-X64: Conduit Engine - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110512125052.dll
BHO-X64: scriptproxy - No File
BHO-X64: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwag.dll
BHO-X64: Swag Bucks - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwag.dll
TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce-x64: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-4-5 13336]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2010-3-10 355440]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2010-3-10 355440]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2010-3-10 355440]
R2 McShield;McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2011-4-5 200056]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2011-4-5 245352]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2011-4-5 220528]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2010-3-10 355440]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-07-03 01:15:10 -------- d-----w- C:\Users\Frances\AppData\Roaming\Malwarebytes
2011-07-03 01:15:06 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-03 01:15:06 -------- d-----w- C:\ProgramData\Malwarebytes
2011-07-03 01:15:03 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-07-03 01:15:03 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-07-01 00:42:14 -------- d-----w- C:\ProgramData\WinMaximizer
2011-07-01 00:07:18 189520 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys
2011-06-30 15:20:58 -------- d-----w- C:\Program Files (x86)\Conduit
2011-06-30 15:20:53 -------- d-----w- C:\Program Files (x86)\ConduitEngine
2011-06-30 15:20:51 -------- d-----w- C:\Program Files (x86)\Swag_Bucks
2011-06-29 23:43:10 1110528 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2011-06-29 23:43:09 759296 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2011-06-29 12:51:19 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-06-29 12:51:19 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-06-29 12:51:19 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-06-29 12:51:19 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2011-06-29 12:51:19 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-06-14 23:10:39 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-06-14 23:10:38 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-06-14 23:10:37 289280 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-06-14 23:10:37 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-06-14 23:10:37 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-06-14 23:10:36 3135488 ----a-w- C:\Windows\System32\win32k.sys
2011-06-14 23:10:31 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-06-14 23:10:31 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-06-14 23:10:31 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-06-14 23:09:42 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2011-06-14 23:09:42 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-06-14 23:09:41 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-06-14 23:09:41 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-06-07 16:35:34 103864 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
==================== Find3M ====================
.
2011-06-30 17:54:28 103784 ----a-w- C:\Users\Frances\GoToAssistDownloadHelper.exe
2011-06-25 18:52:36 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-28 03:30:09 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-05-28 02:53:58 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-05-04 05:25:03 2315776 ----a-w- C:\Windows\System32\tquery.dll
2011-05-04 05:22:25 778752 ----a-w- C:\Windows\System32\mssvp.dll
2011-05-04 05:22:25 2223616 ----a-w- C:\Windows\System32\mssrch.dll
2011-05-04 05:22:24 75264 ----a-w- C:\Windows\System32\msscntrs.dll
2011-05-04 05:22:24 491520 ----a-w- C:\Windows\System32\mssph.dll
2011-05-04 05:22:24 288256 ----a-w- C:\Windows\System32\mssphtb.dll
2011-05-04 05:19:28 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe
2011-05-04 05:19:28 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe
2011-05-04 05:19:28 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe
2011-05-04 04:34:43 1549312 ----a-w- C:\Windows\SysWow64\tquery.dll
2011-05-04 04:32:02 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll
2011-05-04 04:32:01 337408 ----a-w- C:\Windows\SysWow64\mssph.dll
2011-05-04 04:32:01 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll
2011-05-04 04:32:01 1401344 ----a-w- C:\Windows\SysWow64\mssrch.dll
2011-05-04 04:32:00 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll
2011-05-04 04:28:31 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe
2011-05-04 04:28:31 427520 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe
2011-05-04 04:28:31 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe
2011-04-22 22:15:29 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-04-22 22:08:29 1188864 ----a-w- C:\Windows\System32\wininet.dll
2011-04-22 19:10:01 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-04-14 18:01:38 9984 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2011-04-14 18:01:38 94992 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
2011-04-14 18:01:38 75160 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys
2011-04-14 18:01:38 63056 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2011-04-14 18:01:38 530304 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2011-04-14 18:01:38 441840 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2011-04-14 18:01:38 283744 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2011-04-14 18:01:38 190520 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2011-04-14 18:01:38 149032 ----a-w- C:\Windows\System32\mfevtps.exe
2011-04-14 18:01:38 121376 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
2011-04-12 23:12:09 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-04-12 23:12:09 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-04-10 01:41:08 1409 ----a-w- C:\Windows\QTFont.for
2011-04-09 07:02:55 5562240 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-04-09 06:58:56 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-04-09 06:02:25 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:02:25 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-04-09 05:56:38 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2011-04-05 07:27:44 52224 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2011-04-05 07:27:44 324608 ----a-w- C:\Windows\System32\drivers\usbport.sys
2011-04-05 04:41:00 521448 ----a-w- C:\Windows\System32\deployJava1.dll
.
============= FINISH: 21:42:42.70 ===============
Thank you so much for any help you can give me!

3
Contributors
17
Replies
18
Views
6 Years
Discussion Span
Last Post by jholland1964
0

Hi,

what kind of clicking noise did you hear? When does it happen etc. starting computer, shutdown, watch movies?

Tracking cookies is not exactly a spyware/malware, it's just what your browser always create to store your username and password for some sites. Anti-spyware marked it as dangerous because hacker can steal your confidental document within those cookies so it's advices to delete it.

I can't find any malicious threat in your log so I think your system is clean but I would say wait for a senior members to help you out in advance in case I'm missing some important point...

0

Thank you so much for the quick reply! It was clicking for a while when I clicked on some things while surfing the web. However, I just kept doing my spyware scan and it seems to be gone now. I did go into my program files and deleted a couple of thngs that looked strange. That was before I found this and knew there were wonderful people out there willing to give of their time to help others. Anyway I hope I did not delete anything important but it has been about a week now and I haven't missed anything. If you are right that there is nothing here it seems somebody was trying to just get some money out of me to do a repair that does not need doing.

0

Sorry for the late reply...

Well just want to clarify things a bit. Hope you don't mind...

Does the clicking sound come from your speaker or from your computer? (if your computer is a desktop, not a laptop)

If you have disable your AV for this test, did you re-enable it?

If possible, just want to make sure your system is entirely clean, do an online scan. Use Kaspersky, McAfee, or any online AV scan to confirm that no common malicious files bothering you...

Charging a very high cost ($199) just to remove something isn't worth it. Don't get fool even from official tech help unless you really trust their work...

0

Hello the.avon.lady1, You did not post all the requested logs. It is important that you post the DDS Attach.txt log..So please copy/paste that log here.

flagstar is incorrect, tracking cookies ARE most definitely spyware, hence their name TRACKING cookies. You do NOT want these on the computer. If SAS keeps finding them this means that your browser is NOT configured correctly to block them
Open Internet Explorer, Click Tools, Internet Options. On the General Tab,Browsing History section in the middle click the Settings button. When that opens put a dot in Everytime I visit the web page. Reduce the space saved to use to about 250. Click Ok.
Click the Privacy Tab, then click the Advanced button. When that opens put a check mark in Override automatic cookie handling. Then put a dot in Accept 1st party cookies and a dot in Block 3rd party cookies (those are the tracking cookies)
Also put a check mark in Accept session cookies.Click OK Then close out Internet Options.

From your one DDS log it appears you have a program installed called WinMaximizer. Uninstall this program. It is unnecessary and a junk program. I certainly hope you did not pay for this program, it is a paid program, and is totally unnecessary. These types of programs are never necessary.

SpywareBlaster is an EXCELLENT program and works perfectly well with ALL other security programs, I have used it for years and would never run a computer without it installed and enabled. Keep it updated and fully enabled.

Please post back with that DDS Attach.txt log, be sure to copy/paste it.

0

Hi and thanks so much for your time! I am attaching my latest log I hope this is what you need. I am trying to delete WinMaximer but can't seem to find where it is located. As soon as I post this I am going in to change the IE settings to block the cookies as you suggested. I will also install Spyware Blaster I like the idea of the extra wall of protection. However, not sure why McAfee does not want it there if it does not conflict with their program. McAfee is not my favorite but got it free for one year with my Dell purchase. I will be looking for the best Anti virus to invest into. Thanks again for your time and here is the log:
.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Frances at 10:29:22 on 2011-07-05
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.3083 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\system32\mfevtps.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\mcafee.com\agent\mcagent.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10t_ActiveX.exe
C:\Windows\system32\LogonUI.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwag.dll
mURLSearchHooks: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwag.dll
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110512125052.dll
BHO: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwag.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwag.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
{555d4d79-4bd2-4094-a395-cfc534424a05}
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{3DCE3A66-67B5-4F25-8080-51526A209FBC} : DhcpNameServer = 192.168.1.254
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
BHO-X64: Conduit Engine - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110512125052.dll
BHO-X64: scriptproxy - No File
BHO-X64: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwag.dll
BHO-X64: Swag Bucks - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwag.dll
TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-4-5 13336]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2010-3-10 355440]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2010-3-10 355440]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2010-3-10 355440]
R2 McShield;McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2011-4-5 200056]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2011-4-5 245352]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2011-4-5 220528]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2010-3-10 355440]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-07-03 02:51:40 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-03 02:51:36 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-07-03 01:15:10 -------- d-----w- C:\Users\Frances\AppData\Roaming\Malwarebytes
2011-07-03 01:15:06 -------- d-----w- C:\ProgramData\Malwarebytes
2011-07-03 01:15:03 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-07-01 00:42:14 -------- d-----w- C:\ProgramData\WinMaximizer
2011-07-01 00:07:18 189520 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys
2011-06-30 15:20:58 -------- d-----w- C:\Program Files (x86)\Conduit
2011-06-30 15:20:53 -------- d-----w- C:\Program Files (x86)\ConduitEngine
2011-06-30 15:20:51 -------- d-----w- C:\Program Files (x86)\Swag_Bucks
2011-06-29 23:43:10 1110528 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2011-06-29 23:43:09 759296 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2011-06-29 12:51:19 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-06-29 12:51:19 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-06-29 12:51:19 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-06-29 12:51:19 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2011-06-29 12:51:19 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-06-14 23:10:39 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-06-14 23:10:38 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-06-14 23:10:37 289280 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-06-14 23:10:37 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-06-14 23:10:37 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-06-14 23:10:36 3135488 ----a-w- C:\Windows\System32\win32k.sys
2011-06-14 23:10:31 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-06-14 23:10:31 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-06-14 23:10:31 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-06-14 23:09:42 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2011-06-14 23:09:42 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-06-14 23:09:41 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-06-14 23:09:41 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-06-07 16:35:34 103864 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
==================== Find3M ====================
.
2011-06-30 17:54:28 103784 ----a-w- C:\Users\Frances\GoToAssistDownloadHelper.exe
2011-06-25 18:52:36 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-28 03:30:09 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-05-28 02:53:58 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-05-04 05:25:03 2315776 ----a-w- C:\Windows\System32\tquery.dll
2011-05-04 05:22:25 778752 ----a-w- C:\Windows\System32\mssvp.dll
2011-05-04 05:22:25 2223616 ----a-w- C:\Windows\System32\mssrch.dll
2011-05-04 05:22:24 75264 ----a-w- C:\Windows\System32\msscntrs.dll
2011-05-04 05:22:24 491520 ----a-w- C:\Windows\System32\mssph.dll
2011-05-04 05:22:24 288256 ----a-w- C:\Windows\System32\mssphtb.dll
2011-05-04 05:19:28 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe
2011-05-04 05:19:28 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe
2011-05-04 05:19:28 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe
2011-05-04 04:34:43 1549312 ----a-w- C:\Windows\SysWow64\tquery.dll
2011-05-04 04:32:02 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll
2011-05-04 04:32:01 337408 ----a-w- C:\Windows\SysWow64\mssph.dll
2011-05-04 04:32:01 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll
2011-05-04 04:32:01 1401344 ----a-w- C:\Windows\SysWow64\mssrch.dll
2011-05-04 04:32:00 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll
2011-05-04 04:28:31 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe
2011-05-04 04:28:31 427520 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe
2011-05-04 04:28:31 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe
2011-04-22 22:15:29 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-04-22 22:08:29 1188864 ----a-w- C:\Windows\System32\wininet.dll
2011-04-22 19:10:01 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-04-14 18:01:38 9984 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2011-04-14 18:01:38 94992 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
2011-04-14 18:01:38 75160 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys
2011-04-14 18:01:38 63056 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2011-04-14 18:01:38 530304 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2011-04-14 18:01:38 441840 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2011-04-14 18:01:38 283744 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2011-04-14 18:01:38 190520 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2011-04-14 18:01:38 149032 ----a-w- C:\Windows\System32\mfevtps.exe
2011-04-14 18:01:38 121376 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
2011-04-12 23:12:09 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-04-12 23:12:09 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-04-10 01:41:08 1409 ----a-w- C:\Windows\QTFont.for
2011-04-09 07:02:55 5562240 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-04-09 06:58:56 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-04-09 06:02:25 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:02:25 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-04-09 05:56:38 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
.
============= FINISH: 10:29:56.67 ===============

0

This one said to send as a zip file sorry but I do not know how to do that.


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 4/9/2011 1:48:44 PM
System Uptime: 7/5/2011 10:07:19 AM (0 hours ago)
.
Motherboard: Dell Inc. | | 018D1Y
Processor: Pentium(R) Dual-Core CPU E5800 @ 3.20GHz | CPU 1 | 3203/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 452 GiB total, 416.423 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP46: 5/19/2011 11:13:41 AM - Windows Update
RP47: 5/22/2011 4:18:48 PM - Installed NetZero For Riverdeep
RP48: 5/22/2011 4:19:26 PM - Installed Kid Pix Deluxe 4
RP49: 5/22/2011 4:51:46 PM - Removed Dell DataSafe Online
RP50: 6/1/2011 8:01:33 PM - Removed Dell DataSafe Local Backup
RP51: 6/14/2011 11:42:50 PM - Windows Update
RP52: 6/18/2011 10:39:41 AM - Removed Microsoft Silverlight
RP53: 6/29/2011 8:54:05 AM - Windows Update
RP54: 6/29/2011 9:52:47 AM - Windows Modules Installer
RP55: 6/30/2011 12:48:10 PM - Windows Update
RP56: 6/30/2011 8:43:42 PM - WinMaximizer Backup
RP57: 7/1/2011 6:41:03 PM - Windows Update
RP58: 7/1/2011 9:31:32 PM - Removed NetZero For Riverdeep
.
==== Installed Programs ======================
.
3600_Help
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.4.5
Alphabet Express
ArcSoft Print Creations
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Calendar
BPD_Scan
BPDSoftware
BPDSoftware_Ini
BufferChm
CCScore
Conduit Engine
Consumer In-Home Service Agreement
Coupon Printer for Windows
CRI-Resizer
D3DX10
Destinations
DeviceDiscovery
DirectX 9 Runtime
DocProc
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
Fax
GoToAssist Corporate
GPBaseService2
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
Intel(R) Control Center
Intel(R) Rapid Storage Technology
Internet Explorer
J3600
Java Auto Updater
Java(TM) 6 Update 24
Junk Mail filter update
kgchday
kgckids
kgcmove
kgcvday
Kid Pix Deluxe 4
Kodak EasyShare software
Malwarebytes' Anti-Malware version 1.51.0.1200
McAfee SecurityCenter
Mesh Runtime
Messenger Companion
Microsoft Office 2000 Professional
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual C++ 2005 Redistributable
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OfotoXMI
PhotoShowExpress
ProductContext
QuickTime
Realtek High Definition Audio Driver
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Scan
SFR
SHASTA
skin0001
SKINXSDK
SolutionCenter
Sonic CinePlayer Decoder Pack
staticcr
Status
Swag Bucks Toolbar
Toolbox
TrayApp
VPRINTOL
WebReg
WildTangent Games
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WIRELESS
.
==== Event Viewer Messages From Past Week ========
.
7/4/2011 9:42:46 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
7/2/2011 2:26:35 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
7/2/2011 2:23:44 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
7/2/2011 2:23:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
7/2/2011 2:23:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
7/2/2011 2:23:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/2/2011 2:23:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
7/2/2011 2:23:30 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache SASDIFSV SASKUTIL spldr Wanarpv6
6/30/2011 8:13:24 PM, Error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.
6/30/2011 6:37:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
6/29/2011 9:27:38 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user Frances-PC\Frances SID (S-1-5-21-862105705-1313804406-1711163474-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
6/29/2011 9:27:38 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user Frances-PC\Frances SID (S-1-5-21-862105705-1313804406-1711163474-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
.
==== End Of File ===========================

0

You can't just delete a program, it has to be Uninstalled using Add/Remove. That is where you have to look for it.

Edited by jholland1964: n/a

0

You need to uninstall, using Add/Remove these programs;
Swag Bucks Toolbar
Coupon Printer for Windows

There is absolutely no need for a "special" coupon printer. Any page that has coupons on it can easily be printed using your printer software.
The Swag Bucks toolbar is known malware.

Since you did not purchase McAfee there is absolutely no reason to keep it.
Uninstall it and install one of these very good, highly rated FREE anti-virus programs. Either Avast Free from here;
http://www.avast.com/download-thank-you.php?src=http://files.avast.com/iavs5x/setup_av_free.exe&product=FA&page=free-antivirus-download&locale=en-ww&avast=0


or Avira Free from hee:
http://download.cnet.com/Avira-AntiVir-Personal-Free-Antivirus/3000-2239_4-10322935.html?part=dl-10322935&subj=dl&tag=button&cdlPid=11012914

0

I did look there and did not see it but I will look again. I guess it is possible I did delete it already. My computer was makeing a clicking noise earlier in the week when I was surfing on line and that was what got me worried something was wrong as well as not being able to get rid of the tracking cookie that keeps showing up multiple times and won't delete. So , I went in and deleted some things that did not look necessary to me and the clicking has stopped. This computer is a Dell desktop that is just a few months old.

0

I will do as you suggested in your last post that you made while I was typing a response to deleting the WinMaximizer that is the one I can't find. Also I have a quwestion about the Swagbucks. Should I not even bother with going to that site or just not download the toolbar.

0

"I went in and deleted some things that did not look necessary to me and the clicking has stopped"
And how did you know 100% that these were not necessary? You never just delete programs. The must actually be uninstalled. When you just delete them it only removes their name, not the program. Where did you go to delete these items?
Where did the clicking sound come from, INSIDE the computer itself or on a webpage? clicking sounds from INSIDE the computer would generally always be bad and would mean there is likely a bad component, usually the hard drive clicking from a webpage could just be sound effects from the page. Do you have your sound turned on all the time? Many very normal sounds will be heard with the sound turned on and clicking on various web pages.

Edited by jholland1964: n/a

0

The SwagBucks Toolbar is a tracking toolbar. It is not recommended. The website appears to be ok but since I am not familiar with it I cannot say for sure, but the Toolbar is known tracking software.
The WinMaximizer was installed on July 1st. See if you can figure out what else you did that day. It may be located there.Try going to Start and type WinMaximizer into the search window there and see if it finds anything. DON'T delete anything you find just report back if something was found and exactly where.

Edited by jholland1964: n/a

0

I did delete these using the uninstall. You are right that I had no way of knowing 100% that they were not necessary and it was a foolish thing for me to do. I guess I just panicked. When I heard the clicking noise I called Dell Tec support and that is where I was told I had some bad spyware and they wanted to charge me $199 to delete and replace files to rid my computer of spyware. I am paying this computer off and could not afford it. He was pushy telling me if I did not delete the files it could ruin my new computer. My husband is disabled and I take care of him so my computer is my life line but my budget is tight so I deleted a couple of things that looked unimportant again very foolish. Then I did a search for the cookie that is giving me problems and found this web site. I did not know there was help such as this out there. I am 55 yrs old so a little old for the tec age and still trying to learn. The clicking has stopped so I am not sure why it was there.

0

If that's the case then it should be ok. Have no idea why the dell tech support would tell you that they would charge you. You should have at least a 1 year warranty on the computer if it is brand new. That comes with the computer. If I were you I honestly would call Dell back and ask them about it. I have had Dell computers for 8 years and never had this happen.
Hey, you can't "pull the age card on me"....LOL...I am 65! We are always ready to help here so never hesitate to come here.

0

Oh my 65 I guess I will have to quit using my age for an excuse to be ignorant of technology! The Dell tec said that having spyware was not covered under the warranty. I will call back and check with another tec and see what they say about the whole thing. Up until now I have had good luck with them being helpful and responsive. It is my experience with support from various tecs it just depends on who you get. Maybe this guy works off some kind of commission for selling services. Anyway I can't thank you enough for your time and help! Hopefull you have me on the right track and if there was spyware it is gone!!

0

Well that may very well be that spyware removal would not be covered by warranty service. I had not thought of that. I too have had very good results dealing with their service techs. No, their techs would likely NOT be working on commission like that. Sales would be a different story possibly but not their service techs.

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.