The specified device does not exist as an installed service

Lorgeo · May 23, 2012

Please Help!!

Vista....."Severe Alert" Ran McAfee and found trojan and removed. Could not run Mbam. Started in safe mode ram Mbam found/removed 2 trojans. No network connectivity, Any attempt to restart DNS etc returns "The specified device does not exist as an installed service". Ran HiJaCK THIS.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 7:13:10 PM, on 5/23/2012

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Microsoft Money\System\Money Express.exe

C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe

C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe

C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe

C:\Windows\SysWOW64\rundll32.exe

C:\DSI\FID-FARINA\inetupapp.exe

C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe

C:\DSI\FIDLITE\inetupapp.exe

C:\DSI\FIDLITE2\inetupapp.exe

C:\DSI\FIDLITE3\inetupapp.exe

C:\DSI\OLDREPLITE2\inetupapp.exe

C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files (x86)\Java\jre6\bin\jusched.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

C:\Users\Sharon\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.c...client&ie=UTF-8

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: StartNowToolbarHelper - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll

O2 - BHO: WindowShopper - {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - C:\Program Files (x86)\Superfish\Window Shopper\SuperfishIEAddon.dll

O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120426182648.dll

O2 - BHO: Browse For Change BHO - {912C156F-05CF-4B62-851A-96E167A677B0} - mscoree.dll (file missing)

O2 - BHO: Wajam IE BHO - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\wajam.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files (x86)\Dell\BAE\BAE.dll

O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: StartNow Toolbar - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll

O3 - Toolbar: (no name) - {06C7AD57-B655-418D-9AB8-9526A6D2E052} - (no file)

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe" /s

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"

O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m

O4 - HKLM\..\Run: [OEM05Mon.exe] C:\Windows\OEM05Mon.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"

O4 - HKLM\..\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files (x86)\Microsoft Money\System\Money Express.exe"

O4 - HKCU\..\Run: [sightSpeed] "C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe" -bootmode

O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [kprcl] rundll32.exe "C:\Users\Sharon\AppData\Local\Temp\kprcl.dll",Wiz_SingleEntryUnzip

O4 - HKCU\..\Run: [nsutut] rundll32.exe "C:\Users\Sharon\AppData\Local\Temp\nsutut.dll",IntersectTri

O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe

O4 - Startup: Displaysoft Online Updates - c--DSI-FID-FARINA.lnk = C:\DSI\FID-FARINA\inetupapp.exe

O4 - Startup: Displaysoft Online Updates - C--DSI-FIDLITE.lnk = C:\DSI\FIDLITE\inetupapp.exe

O4 - Startup: Displaysoft Online Updates - c--DSI-FIDLITE2.lnk = C:\DSI\FIDLITE2\inetupapp.exe

O4 - Startup: Displaysoft Online Updates - c--DSI-FIDLITE3.lnk = C:\DSI\FIDLITE3\inetupapp.exe

O4 - Startup: Displaysoft Online Updates - c--DSI-OLDREPLITE.lnk = C:\DSI\OLDREPLITE\inetupapp.exe

O4 - Startup: Displaysoft Online Updates - c--DSI-OLDREPLITE2.lnk = C:\DSI\OLDREPLITE2\inetupapp.exe

O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Window Shopper - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Program Files (x86)\Superfish\Window Shopper\SuperfishIEAddon.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O15 - Trusted Zone: http://www.caldirectsecuredocs.com

O15 - Trusted Zone: http://microsite.coupons.com

O15 - Trusted Zone: http://www.ditechsecuredocs.com

O15 - Trusted Zone: http://www.ditechsecuredocs.net

O15 - Trusted Zone: http://www.docmagic.com

O15 - Trusted Zone: http://gateway.elynx.com

O15 - Trusted Zone: http://stest.lane100.elynx.com

O15 - Trusted Zone: http://stest.lane200.elynx.com

O15 - Trusted Zone: http://aegis.elynx.net

O15 - Trusted Zone: http://ctest.elynx.net

O15 - Trusted Zone: http://ctest.lane100.elynx.net

O15 - Trusted Zone: http://forms.elynx.net

O15 - Trusted Zone: http://gateway.elynx.net

O15 - Trusted Zone: http://gateway.ctest.elynx.net

O15 - Trusted Zone: http://gmacforms.elynx.net

O15 - Trusted Zone: http://pro.elynx.net

O15 - Trusted Zone: http://secure.elynx.net

O15 - Trusted Zone: http://ssctest.elynx.net

O15 - Trusted Zone: http://stest.elynx.net

O15 - Trusted Zone: http://usign.elynx.net

O15 - Trusted Zone: http://webpost.elynx.net

O15 - Trusted Zone: http://www.gmacmsecuredocs.com

O15 - Trusted Zone: http://www.gmacmsecuredocs.net

O15 - Trusted Zone: http://www.gmamcsecuredocs.com

O15 - Trusted Zone: http://mortgage-esign.us.hsbc.com

O15 - Trusted Zone: http://*.mcafee.com

O15 - Trusted Zone: http://loandocs.ss3.swiftsend.com

O15 - Trusted Zone: http://docs.swiftsend.com

O15 - Trusted Zone: http://gateway.swiftsend.com

O15 - Trusted Zone: http://loandocs.swiftsend.com

O15 - Trusted Zone: http://loandocs.ss3.swiftsend.com

O15 - Trusted Zone: http://www.swiftsend.com

O15 - Trusted Zone: http://docs.swiftsend2.com

O15 - Trusted Zone: http://loandocs.swiftsend2.com

O15 - Trusted Zone: http://products.swiftview.com

O15 - Trusted Zone: http://www.swiftview.com

O15 - Trusted Zone: http://www.wamuloandocs.com

O16 - DPF: {7DD62E58-5FA8-11D2-AFB7-00104B64F127} (Sview Control) - https://secure.elynx...ll_t_zhp_ss.exe

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: B-Service - Unknown owner - C:\Users\Sharon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D7RD6PBX\B-Service.exe (file missing)

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)

O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\McciCMService.exe

O23 - Service: McciCMService64 - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe

O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe

O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe

O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: SessionLauncher - Unknown owner - C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: Audio Service (STacSV) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_4b8037c7\STacSV64.exe (file missing)

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Toolbar Updater Service - Unknown owner - C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: WajamUpdater - Wajam - C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 15763 bytes

Elise · May 24, 2012

Hello and :welcome:

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
- DDS.scr
- DDS.pif
[*]Double click on the DDS icon, allow it to run.
[*]A small box will open, with an explaination about the tool. No input is needed, the scan is running.
[*]Notepad will open with the results.
[*]Follow the instructions that pop up for posting the results.
[*]Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

Lorgeo · May 24, 2012

Hello and
We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
[*]Double click on the DDS icon, allow it to run.
[*]A small box will open, with an explaination about the tool. No input is needed, the scan is running.
[*]Notepad will open with the results.
[*]Follow the instructions that pop up for posting the results.
[*]Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE

Thank you Elise. I couldn't figure out how to attach. I hope this is OK. Thanks again,

.

DDS (Ver_2011-08-26.01) - NTFSAMD64 MINIMAL

Internet Explorer: 9.0.8112.16421

Run by Sharon at 6:52:29 on 2012-05-24

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6077.5438 [GMT -4:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\Explorer.EXE

C:\Windows\helppane.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = https://www.google.com/webhp?sourceid=navclient&ie=UTF-8

uSearch Bar = Preserve

uWindow Title = Internet Explorer provided by Dell

mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4081204

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll

BHO: Window Shopper: {74f475fa-6c75-43bd-aab9-ecda6184f600} - C:\Program Files (x86)\Superfish\Window Shopper\SuperfishIEAddon.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120426182648.dll

BHO: Browse For Change BHO: {912c156f-05cf-4b62-851a-96e167a677b0} - mscoree.dll

BHO: Wajam: {a7a6995d-6ee1-4fd1-a258-49395d5bf99c} - C:\Program Files (x86)\Wajam\IE\wajam.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - C:\Program Files (x86)\Dell\BAE\BAE.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll

TB: {06C7AD57-B655-418D-9AB8-9526A6D2E052} - No File

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [MoneyAgent] "C:\Program Files (x86)\Microsoft Money\System\Money Express.exe"

uRun: [sightSpeed] "C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe" -bootmode

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"

uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe

uRun: [kprcl] rundll32.exe "C:\Users\Sharon\AppData\Local\Temp\kprcl.dll",Wiz_SingleEntryUnzip

uRun: [nsutut] rundll32.exe "C:\Users\Sharon\AppData\Local\Temp\nsutut.dll",IntersectTri

uRun: [sliMjbIOjKwyvCu] C:\ProgramData\SliMjbIOjKwyvCu.exe

mRun: [DELL Webcam Manager] "C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe" /s

mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"

mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m

mRun: [OEM05Mon.exe] C:\Windows\OEM05Mon.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"

mRun: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"

mRun: [TaskTray]

mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

StartupFolder: C:\Users\Sharon\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe

StartupFolder: C:\Users\Sharon\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DIE9A5~1.LNK - C:\DSI\FID-FARINA\inetupapp.exe

StartupFolder: C:\Users\Sharon\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DISPLA~3.LNK - C:\DSI\FIDLITE\inetupapp.exe

StartupFolder: C:\Users\Sharon\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DISPLA~4.LNK - C:\DSI\FIDLITE2\inetupapp.exe

StartupFolder: C:\Users\Sharon\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DIA955~1.LNK - C:\DSI\FIDLITE3\inetupapp.exe

StartupFolder: C:\Users\Sharon\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DISPLA~1.LNK - C:\DSI\OLDREPLITE\inetupapp.exe

StartupFolder: C:\Users\Sharon\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DISPLA~2.LNK - C:\DSI\OLDREPLITE2\inetupapp.exe

StartupFolder: C:\Users\Sharon\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

IE: {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Program Files (x86)\Superfish\Window Shopper\SuperfishIEAddon.dll

Trusted Zone: caldirectsecuredocs.com\www

Trusted Zone: com\pennwest-edocs

Trusted Zone: com\swiftview

Trusted Zone: coupons.com\microsite

Trusted Zone: ditechsecuredocs.com\www

Trusted Zone: ditechsecuredocs.net\www

Trusted Zone: docmagic.com\www

Trusted Zone: elynx.com\gateway

Trusted Zone: elynx.com\stest.lane100

Trusted Zone: elynx.com\stest.lane200

Trusted Zone: elynx.net\aegis

Trusted Zone: elynx.net\ctest

Trusted Zone: elynx.net\ctest.lane100

Trusted Zone: elynx.net\forms

Trusted Zone: elynx.net\gateway

Trusted Zone: elynx.net\gateway.ctest

Trusted Zone: elynx.net\gmacforms

Trusted Zone: elynx.net\pro

Trusted Zone: elynx.net\secure

Trusted Zone: elynx.net\ssctest

Trusted Zone: elynx.net\stest

Trusted Zone: elynx.net\usign

Trusted Zone: elynx.net\webpost

Trusted Zone: gmacmsecuredocs.com\www

Trusted Zone: gmacmsecuredocs.net\www

Trusted Zone: gmamcsecuredocs.com\www

Trusted Zone: hsbc.com\mortgage-esign.us

Trusted Zone: internet

Trusted Zone: mcafee.com

Trusted Zone: real.com\rhap-app-4-0

Trusted Zone: real.com\rhapreg

Trusted Zone: sasrlink.com\www

Trusted Zone: ss3.swiftsend.com\loandocs

Trusted Zone: swiftsend.com\docs

Trusted Zone: swiftsend.com\gateway

Trusted Zone: swiftsend.com\loandocs

Trusted Zone: swiftsend.com\loandocs.ss3

Trusted Zone: swiftsend.com\www

Trusted Zone: swiftsend2.com\docs

Trusted Zone: swiftsend2.com\loandocs

Trusted Zone: swiftview.com\products

Trusted Zone: swiftview.com\www

Trusted Zone: wamuloandocs.com\www

DPF: {7DD62E58-5FA8-11D2-AFB7-00104B64F127} - hxxps://secure.elynx.net/viewer/installers/svinstall_t_zhp_ss.exe

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{8F1048E6-5993-4463-B935-A81362C82E06} : DhcpNameServer = 192.168.1.254

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO-X64: 0x1 - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO-X64: StartNow Toolbar Helper: {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll

BHO-X64: StartNowToolbarHelper - No File

BHO-X64: Window Shopper: {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - C:\Program Files (x86)\Superfish\Window Shopper\SuperfishIEAddon.dll

BHO-X64: WindowShopper - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120426182648.dll

BHO-X64: scriptproxy - No File

BHO-X64: Browse For Change BHO: {912C156F-05CF-4B62-851A-96E167A677B0} - mscoree.dll

BHO-X64: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\wajam.dll

BHO-X64: Wajam IE BHO - No File

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

BHO-X64: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files (x86)\Dell\BAE\BAE.dll

BHO-X64: Browser Address Error Redirector - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

TB-X64: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll

TB-X64: {06C7AD57-B655-418D-9AB8-9526A6D2E052} - No File

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB-X64: {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No File

TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

mRun-x64: [DELL Webcam Manager] "C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe" /s

mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"

mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m

mRun-x64: [OEM05Mon.exe] C:\Windows\OEM05Mon.exe

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"

mRun-x64: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"

mRun-x64: [TaskTray]

mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\7adqiqrj.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=

FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)

FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?AF=110788&babsrc=HP_ss&mntrId=9ed8a32200000000000000221912be2a

FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=110788&babsrc=adbartrp&mntrId=9ed8a32200000000000000221912be2a&q=

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 57273

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll

FF - plugin: C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npsview.dll

FF - plugin: C:\Program Files (x86)\SwiftView\npsview.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll

.

---- FIREFOX POLICIES ----

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110788

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.id - 9ed8a32200000000000000221912be2a

FF - user.js: extensions.BabylonToolbar_i.hardId - 9ed8a32200000000000000221912be2a

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15408

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1716:14:24

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

S0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]

S1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]

S1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]

S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-2-16 249936]

S2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-2-16 199272]

S2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-2-16 210584]

S2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]

S2 SessionLauncher;SessionLauncher;C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]

S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

S3 B-Service;B-Service;C:\Users\Sharon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D7RD6PBX\B-Service.exe --> C:\Users\Sharon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D7RD6PBX\B-Service.exe [?]

S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]

S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-11 89920]

S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]

S3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]

S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]

S3 mferkdk;McAfee Inc. mferkdk;C:\Windows\system32\drivers\mferkdk.sys --> C:\Windows\system32\drivers\mferkdk.sys [?]

S3 mfesmfk;McAfee Inc. mfesmfk;C:\Windows\system32\drivers\mfesmfk.sys --> C:\Windows\system32\drivers\mfesmfk.sys [?]

S3 OEM05Afx;Provides a software interface to control audio effects of OEM005 camera.;\??\C:\Windows\system32\Drivers\OEM05Afx.sys --> C:\Windows\system32\Drivers\OEM05Afx.sys [?]

S3 OEM05Vfx;Creative Camera OEM005 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM05Vfx.sys --> C:\Windows\system32\DRIVERS\OEM05Vfx.sys [?]

S3 OEM05Vid;Creative Camera OEM005 Driver;C:\Windows\system32\DRIVERS\OEM05Vid.sys --> C:\Windows\system32\DRIVERS\OEM05Vid.sys [?]

S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]

S3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;C:\Windows\system32\DRIVERS\livecamv.sys --> C:\Windows\system32\DRIVERS\livecamv.sys [?]

S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-30 257696]

S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

S4 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-9-23 155648]

S4 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-4 136176]

S4 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-4 136176]

S4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [2009-8-24 102608]

S4 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2011-1-7 517632]

S4 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-2-16 249936]

S4 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-2-16 249936]

S4 RoxLiveShare10;LiveShare P2P Server 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2008-5-14 309744]

S4 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-5-14 1120752]

S4 RoxWatch10;Roxio Hard Drive Watcher 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2008-5-14 166384]

.

=============== File Associations ===============

.

JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

.

=============== Created Last 30 ================

.

2012-05-24 00:27:17 -------- d-----w- C:\$WINDOWS.~BT

2012-05-23 12:11:31 -------- d-----w- C:\Users\Sharon\AppData\Local\{682CD89D-A4D0-11E1-8270-B8AC6F996F26}

2012-05-23 12:10:43 -------- d-----w- C:\Users\Sharon\AppData\Local\Start

2012-05-23 12:10:43 -------- d-----w- C:\ProgramData\B7E8587A00047CF10023A3B1570F1C8B

2012-05-22 11:42:54 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BB8125EF-2731-4E4E-B9D7-CF0D1DC71118}\mpengine.dll

2012-05-11 12:03:04 1423744 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-04-26 22:26:47 29272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ScriptFF.dll

.

==================== Find3M ====================

.

2012-05-05 16:01:02 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-05 16:01:02 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-05-05 16:00:56 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2012-04-04 19:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-04-03 08:22:15 4699520 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-04-02 13:59:51 2766848 ----a-w- C:\Windows\System32\win32k.sys

2012-03-20 23:34:30 72576 ----a-w- C:\Windows\System32\drivers\partmgr.sys

2012-03-20 17:11:30 162192 ----a-w- C:\Windows\System32\mfevtps.exe

2012-03-01 15:39:45 327680 ----a-w- C:\Windows\System32\d3d10_1core.dll

2012-03-01 15:39:45 196096 ----a-w- C:\Windows\System32\d3d10_1.dll

2012-03-01 14:46:01 219648 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll

2012-03-01 14:46:01 160768 ----a-w- C:\Windows\SysWow64\d3d10_1.dll

2012-02-29 15:37:41 5632 ----a-w- C:\Windows\System32\wmi.dll

2012-02-29 15:37:38 219136 ----a-w- C:\Windows\System32\wintrust.dll

2012-02-29 15:35:44 78848 ----a-w- C:\Windows\System32\imagehlp.dll

2012-02-29 15:11:45 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

2012-02-29 15:11:42 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-02-29 15:09:53 157696 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2012-02-29 14:40:31 2002944 ----a-w- C:\Windows\System32\d3d10warp.dll

2012-02-29 14:09:35 834048 ----a-w- C:\Windows\System32\d2d1.dll

2012-02-29 14:08:47 1172480 ----a-w- C:\Windows\SysWow64\d3d10warp.dll

2012-02-29 14:06:08 1556480 ----a-w- C:\Windows\System32\DWrite.dll

2012-02-29 13:52:46 16384 ----a-w- C:\Windows\System32\drivers\fs_rec.sys

2012-02-29 13:44:50 683008 ----a-w- C:\Windows\SysWow64\d2d1.dll

2012-02-29 13:41:40 1069056 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll

2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll

2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

.

============= FINISH: 6:55:09.29 ===============

Elise · May 24, 2012

Hi, indeed a few things that don't belong there.

COMBOFIX

---------------

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
Double click on Combofix.exe and follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

Lorgeo · May 24, 2012

Hello, I just ran Combofix. The machine rebooted and

1) Theres a warning that "No amd graphics card is installed or is not functioning properly..."

2) There is an empty Combofix window that looks like shuffling cards, moving constantly

3) Can open Task Manager, but can't seem to use it. Can't do much of anything at all now.

4) Tried to start id safe mode, but comes up with 'start normally' and can not move the highlight with arrow keys to select other options.

UPDATE!

I was able to start in safe mode and will post the log:

ComboFix 12-05-24.02 - Sharon 05/24/2012 17:19:46.1.4 - x64 NETWORK

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6077.5226 [GMT -4:00]

Running from: c:\users\Sharon\Desktop\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files (x86)\StartNow Toolbar

c:\program files (x86)\StartNow Toolbar\Resources\images\btn-msn.png

c:\program files (x86)\StartNow Toolbar\Resources\images\chevronButton.png

c:\program files (x86)\StartNow Toolbar\Resources\images\engine_images.png

c:\program files (x86)\StartNow Toolbar\Resources\images\engine_maps.png

c:\program files (x86)\StartNow Toolbar\Resources\images\engine_news.png

c:\program files (x86)\StartNow Toolbar\Resources\images\engine_videos.png

c:\program files (x86)\StartNow Toolbar\Resources\images\engine_web.png

c:\program files (x86)\StartNow Toolbar\Resources\images\icon_amazon.png

c:\program files (x86)\StartNow Toolbar\Resources\images\icon_ebay.png

c:\program files (x86)\StartNow Toolbar\Resources\images\icon_facebook.png

c:\program files (x86)\StartNow Toolbar\Resources\images\icon_games.png

c:\program files (x86)\StartNow Toolbar\Resources\images\icon_shopping.png

c:\program files (x86)\StartNow Toolbar\Resources\images\icon_travel.png

c:\program files (x86)\StartNow Toolbar\Resources\images\icon_twitter.png

c:\program files (x86)\StartNow Toolbar\Resources\images\separator.png

c:\program files (x86)\StartNow Toolbar\Resources\images\splitter.png

c:\program files (x86)\StartNow Toolbar\Resources\images\startnow_logo.png

c:\program files (x86)\StartNow Toolbar\Resources\installer.xml

c:\program files (x86)\StartNow Toolbar\Resources\protect\index.html

c:\program files (x86)\StartNow Toolbar\Resources\protect\NotIE6.css

c:\program files (x86)\StartNow Toolbar\Resources\protect\OnlyIE6.css

c:\program files (x86)\StartNow Toolbar\Resources\protect\SearchProtectIcon.png

c:\program files (x86)\StartNow Toolbar\Resources\protect\window.css

c:\program files (x86)\StartNow Toolbar\Resources\protect\window.js

c:\program files (x86)\StartNow Toolbar\Resources\reactivate\index.html

c:\program files (x86)\StartNow Toolbar\Resources\reactivate\LeftImage.png

c:\program files (x86)\StartNow Toolbar\Resources\reactivate\NotIE6.css

c:\program files (x86)\StartNow Toolbar\Resources\reactivate\OnlyIE6.css

c:\program files (x86)\StartNow Toolbar\Resources\reactivate\window.css

c:\program files (x86)\StartNow Toolbar\Resources\reactivate\window.js

c:\program files (x86)\StartNow Toolbar\Resources\searchbox\dropdown_button_normal.png

c:\program files (x86)\StartNow Toolbar\Resources\searchbox\searchbox_button_hover.png

c:\program files (x86)\StartNow Toolbar\Resources\searchbox\searchbox_button_normal.png

c:\program files (x86)\StartNow Toolbar\Resources\searchbox\searchbox_input_left.png

c:\program files (x86)\StartNow Toolbar\Resources\searchbox\searchbox_input_middle.png

c:\program files (x86)\StartNow Toolbar\Resources\toolbar.xml

c:\program files (x86)\StartNow Toolbar\Resources\toolbarbutton\hover_c.png

c:\program files (x86)\StartNow Toolbar\Resources\toolbarbutton\hover_l.png

c:\program files (x86)\StartNow Toolbar\Resources\toolbarbutton\hover_r.png

c:\program files (x86)\StartNow Toolbar\Resources\toolbarbutton\normal_c.png

c:\program files (x86)\StartNow Toolbar\Resources\toolbarbutton\normal_l.png

c:\program files (x86)\StartNow Toolbar\Resources\toolbarbutton\normal_r.png

c:\program files (x86)\StartNow Toolbar\Resources\update.xml

c:\program files (x86)\StartNow Toolbar\Toolbar32.dll

c:\program files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe

c:\program files (x86)\StartNow Toolbar\uninstall.dat

c:\users\Sharon\AppData\Local\Temp\kprcl.dll

c:\users\Sharon\AppData\Local\Temp\nsutut.dll

c:\users\Sharon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Repair

c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\7adqiqrj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}

c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\7adqiqrj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome.manifest

c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\7adqiqrj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.js

c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\7adqiqrj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.xul

c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\7adqiqrj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\buttons.js

c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\7adqiqrj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\constants.js

c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\7adqiqrj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\events.js

c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\7adqiqrj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\globals.js

c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\7adqiqrj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\img\btn-msn.png

c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\7adqiqrj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\img\engine_images.png

c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\7adqiqrj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\img\engine_maps.png

c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\7adqiqrj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\img\engine_news.png

c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\7adqiqrj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\img\engine_videos.png

c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\7adqiqrj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\img\engine_web.png

c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\7adqiqrj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\img\icon_amazon.png

c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\7adqiqrj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\img\icon_ebay.png

c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\7adqiqrj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\img\icon_facebook.png

c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\7adqiqrj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\img\icon_games.png

c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\7adqiqrj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\img\icon_shopping.png

c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\7adqiqrj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\img\icon_travel.png

c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\7adqiqrj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\img\icon_twitter.png

c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\7adqiqrj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\img\searchbox_button.png

c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\7adqiqrj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\img\startnow_logo.png

c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\7adqiqrj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\init.js

c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\7adqiqrj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\index.html

c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\7adqiqrj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\NotIE6.css

c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\7adqiqrj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\OnlyIE6.css

c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\7adqiqrj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\SearchProtectIcon.png

c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\7adqiqrj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\window.css

c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\7adqiqrj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\window.js

c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\7adqiqrj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\searchkeeper.js

c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\7adqiqrj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\searchkeeper.xul

c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\7adqiqrj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\xml\installer.xml

c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\7adqiqrj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\xml\toolbar.xml

c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\7adqiqrj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\locale\en-US\{F02577FF-29CE-4130-8171-B51D94ECA96E}.dtd

c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\7adqiqrj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\skin\butoon-hover-background.png

c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\7adqiqrj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\skin\overlay.css

c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\7adqiqrj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\skin\search.png

c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\7adqiqrj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\skin\searchBackground.png

c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\7adqiqrj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\skin\splitter.png

c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\7adqiqrj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\install.rdf

c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\7adqiqrj.default\searchplugins\bing-zugo.xml

c:\users\Sharon\AppData\Roaming\svfiles.log

c:\users\Sharon\Desktop\Scanner.lnk

c:\users\Sharon\GoToAssistDownloadHelper.exe

c:\users\Sharon\Taskmgr.exe

c:\windows\system\olepro32.dll

c:\windows\SysWow64\bidisp.dll

c:\windows\SysWow64\BSTIEPrintCtl1.dll

c:\windows\SysWow64\zip32.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_Toolbar Updater Service

.

((((((((((((((((((((((((( Files Created from 2012-04-25 to 2012-05-25 )))))))))))))))))))))))))))))))

.

2012-05-24 21:31 . 2012-05-24 22:05 -------- d-----w- c:\users\Sharon\AppData\Local\temp

2012-05-24 21:31 . 2012-05-24 21:31 -------- d-----w- c:\users\Public\AppData\Local\temp

2012-05-24 21:31 . 2012-05-24 21:31 -------- d-----w- c:\users\Dragonlady\AppData\Local\temp

2012-05-24 21:31 . 2012-05-24 21:31 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-05-24 00:27 . 2012-05-24 00:27 -------- d-----w- C:\$WINDOWS.~BT

2012-05-23 12:11 . 2012-05-23 12:11 -------- d-----w- c:\users\Sharon\AppData\Local\{682CD89D-A4D0-11E1-8270-B8AC6F996F26}

2012-05-23 12:10 . 2012-05-23 22:40 -------- d-----w- c:\users\Sharon\AppData\Local\Start

2012-05-23 12:10 . 2012-05-23 12:10 -------- d-----w- c:\programdata\B7E8587A00047CF10023A3B1570F1C8B

2012-05-22 11:42 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BB8125EF-2731-4E4E-B9D7-CF0D1DC71118}\mpengine.dll

2012-05-11 12:03 . 2012-03-30 12:45 1423744 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-04-26 22:26 . 2012-03-20 17:06 29272 ----a-w- c:\program files (x86)\Mozilla Firefox\ScriptFF.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-05 16:01 . 2012-03-30 11:37 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-05-05 16:01 . 2011-06-14 11:40 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-05 16:00 . 2012-03-30 12:01 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-04-04 19:56 . 2009-09-30 00:01 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-20 17:11 . 2011-02-16 12:45 162192 ----a-w- c:\windows\system32\mfevtps.exe

2012-02-29 15:37 . 2012-04-12 11:46 5632 ----a-w- c:\windows\system32\wmi.dll

2012-02-29 15:37 . 2012-04-12 11:46 219136 ----a-w- c:\windows\system32\wintrust.dll

2012-02-29 15:35 . 2012-04-12 11:46 78848 ----a-w- c:\windows\system32\imagehlp.dll

2012-02-29 15:11 . 2012-04-12 11:46 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2012-02-29 15:11 . 2012-04-12 11:46 172032 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-02-29 15:09 . 2012-04-12 11:46 157696 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-02-29 13:52 . 2012-04-12 11:46 16384 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-02-28 06:56 . 2012-04-12 11:49 2311168 ----a-w- c:\windows\system32\jscript9.dll

2012-02-28 06:49 . 2012-04-12 11:49 1390080 ----a-w- c:\windows\system32\wininet.dll

2012-02-28 06:48 . 2012-04-12 11:49 1493504 ----a-w- c:\windows\system32\inetcpl.cpl

2012-02-28 06:42 . 2012-04-12 11:49 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-02-28 01:18 . 2012-04-12 11:49 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-02-28 01:11 . 2012-04-12 11:49 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-02-28 01:11 . 2012-04-12 11:49 1127424 ----a-w- c:\windows\SysWow64\wininet.dll

2012-02-28 01:03 . 2012-04-12 11:49 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]

"MoneyAgent"="c:\program files (x86)\Microsoft Money\System\Money Express.exe" [2000-07-19 176183]

"SightSpeed"="c:\program files (x86)\Dell Video Chat\DellVideoChat.exe" [2008-08-15 4812664]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-05-04 39408]

"DW6"="c:\program files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe" [2011-06-08 822456]

"WMPNSCFG"="c:\program files (x86)\Windows Media Player\WMPNSCFG.exe" [bU]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"DELL Webcam Manager"="c:\program files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]

"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2008-05-14 244208]

"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-07-07 1779952]

"OEM05Mon.exe"="c:\windows\OEM05Mon.exe" [2007-08-22 36864]

"SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe" [2009-01-04 136600]

"Malwarebytes Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2012-04-04 981680]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-26 336384]

"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]

"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2011-11-26 296056]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

.

c:\users\Sharon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]

Displaysoft Online Updates - c--DSI-FID-FARINA.lnk - c:\dsi\FID-FARINA\inetupapp.exe [2010-12-23 757760]

Displaysoft Online Updates - C--DSI-FIDLITE.lnk - c:\dsi\FIDLITE\inetupapp.exe [2009-7-16 757760]

Displaysoft Online Updates - c--DSI-FIDLITE2.lnk - c:\dsi\FIDLITE2\inetupapp.exe [2009-7-16 757760]

Displaysoft Online Updates - c--DSI-FIDLITE3.lnk - c:\dsi\FIDLITE3\inetupapp.exe [2009-7-16 757760]

Displaysoft Online Updates - c--DSI-OLDREPLITE.lnk - c:\dsi\OLDREPLITE\inetupapp.exe [2009-7-16 757760]

Displaysoft Online Updates - c--DSI-OLDREPLITE2.lnk - c:\dsi\OLDREPLITE2\inetupapp.exe [2010-12-23 757760]

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]

.

Contents of the 'Scheduled Tasks' folder

.

2012-05-24 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 16:01]

.

2012-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-04 19:45]

.

2012-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-04 19:45]

.

--------- x86-64 -----------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="DER\MSASCUI.EXE -HIDE" [X]

"(Default)"="" [bU]

"SysTrayApp"="c:\program files (x86)\IDT\WDM\sttray64.exe" [bU]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = https://www.google.c...client&ie=UTF-8

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: {{A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - c:\program files (x86)\Superfish\Window Shopper\SuperfishIEAddon.dll

Trusted Zone: caldirectsecuredocs.com\www

Trusted Zone: com\pennwest-edocs

Trusted Zone: com\swiftview

Trusted Zone: coupons.com\microsite

Trusted Zone: ditechsecuredocs.com\www

Trusted Zone: ditechsecuredocs.net\www

Trusted Zone: docmagic.com\www

Trusted Zone: elynx.com\gateway

Trusted Zone: elynx.com\stest.lane100

Trusted Zone: elynx.com\stest.lane200

Trusted Zone: elynx.net\aegis

Trusted Zone: elynx.net\ctest

Trusted Zone: elynx.net\ctest.lane100

Trusted Zone: elynx.net\forms

Trusted Zone: elynx.net\gateway

Trusted Zone: elynx.net\gateway.ctest

Trusted Zone: elynx.net\gmacforms

Trusted Zone: elynx.net\pro

Trusted Zone: elynx.net\secure

Trusted Zone: elynx.net\ssctest

Trusted Zone: elynx.net\stest

Trusted Zone: elynx.net\usign

Trusted Zone: elynx.net\webpost

Trusted Zone: gmacmsecuredocs.com\www

Trusted Zone: gmacmsecuredocs.net\www

Trusted Zone: gmamcsecuredocs.com\www

Trusted Zone: hsbc.com\mortgage-esign.us

Trusted Zone: internet

Trusted Zone: mcafee.com

Trusted Zone: real.com\rhap-app-4-0

Trusted Zone: real.com\rhapreg

Trusted Zone: sasrlink.com\www

Trusted Zone: ss3.swiftsend.com\loandocs

Trusted Zone: swiftsend.com\docs

Trusted Zone: swiftsend.com\gateway

Trusted Zone: swiftsend.com\loandocs

Trusted Zone: swiftsend.com\loandocs.ss3

Trusted Zone: swiftsend.com\www

Trusted Zone: swiftsend2.com\docs

Trusted Zone: swiftsend2.com\loandocs

Trusted Zone: swiftview.com\products

Trusted Zone: swiftview.com\www

Trusted Zone: wamuloandocs.com\www

TCP: DhcpNameServer = 192.168.1.254

DPF: {7DD62E58-5FA8-11D2-AFB7-00104B64F127} - hxxps://secure.elynx.net/viewer/installers/svinstall_t_zhp_ss.exe

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

FF - ProfilePath - c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\7adqiqrj.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=

FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)

FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?AF=110788&babsrc=HP_ss&mntrId=9ed8a32200000000000000221912be2a

FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=110788&babsrc=adbartrp&mntrId=9ed8a32200000000000000221912be2a&q=

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 57273

FF - prefs.js: network.proxy.type - 0

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110788

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.id - 9ed8a32200000000000000221912be2a

FF - user.js: extensions.BabylonToolbar_i.hardId - 9ed8a32200000000000000221912be2a

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15408

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1716:14

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-{06C7AD57-B655-418D-9AB8-9526A6D2E052} - (no file)

Wow6432Node-HKCU-Run-SliMjbIOjKwyvCu - c:\programdata\SliMjbIOjKwyvCu.exe

Wow6432Node-HKLM-Run-TaskTray - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

HKLM-Run-IAAnotif - OTIF.EXE

HKLM-Run-Dell DataSafe Online - E.EXE

AddRemove-iBryte_browseforchange - c:\program files (x86)\iBryte\browseforchange\uninstall.exe

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

Completion time: 2012-05-24 20:26:46 - machine was rebooted

ComboFix-quarantined-files.txt 2012-05-25 00:26

ComboFix2.txt 2011-03-24 22:58

ComboFix3.txt 2011-03-24 00:03

.

Pre-Run: 461,488,988,160 bytes free

Post-Run: 461,082,750,976 bytes free

.

- - End Of File - - BD1488A66CB92DFB5EDF00B65C981E60

Still no network connectivity, and getting the "Service does not exist as an installed service" error when trying to restart services etc

Elise · May 25, 2012

Does the F8 button seem to work (to bring up the advanced boot options)?

CF-SCRIPT

-------------

We need to execute a CF-script.

Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:

DDS::
IE: {{A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - c:\program files (x86)\Superfish\Window Shopper\SuperfishIEAddon.dll
Trusted Zone: caldirectsecuredocs.com\www
Trusted Zone: com\pennwest-edocs
Trusted Zone: com\swiftview
Trusted Zone: coupons.com\microsite
Trusted Zone: ditechsecuredocs.com\www
Trusted Zone: ditechsecuredocs.net\www
Trusted Zone: docmagic.com\www
Trusted Zone: elynx.com\gateway
Trusted Zone: elynx.com\stest.lane100
Trusted Zone: elynx.com\stest.lane200
Trusted Zone: elynx.net\aegis
Trusted Zone: elynx.net\ctest
Trusted Zone: elynx.net\ctest.lane100
Trusted Zone: elynx.net\forms
Trusted Zone: elynx.net\gateway
Trusted Zone: elynx.net\gateway.ctest
Trusted Zone: elynx.net\gmacforms
Trusted Zone: elynx.net\pro
Trusted Zone: elynx.net\secure
Trusted Zone: elynx.net\ssctest
Trusted Zone: elynx.net\stest
Trusted Zone: elynx.net\usign
Trusted Zone: elynx.net\webpost
Trusted Zone: gmacmsecuredocs.com\www
Trusted Zone: gmacmsecuredocs.net\www
Trusted Zone: gmamcsecuredocs.com\www
Trusted Zone: hsbc.com\mortgage-esign.us
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
Trusted Zone: sasrlink.com\www
Trusted Zone: ss3.swiftsend.com\loandocs
Trusted Zone: swiftsend.com\docs
Trusted Zone: swiftsend.com\gateway
Trusted Zone: swiftsend.com\loandocs
Trusted Zone: swiftsend.com\loandocs.ss3
Trusted Zone: swiftsend.com\www
Trusted Zone: swiftsend2.com\docs
Trusted Zone: swiftsend2.com\loandocs
Trusted Zone: swiftview.com\products
Trusted Zone: swiftview.com\www
Trusted Zone: wamuloandocs.com\www

Firefox::
FF - ProfilePath - c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\7adqiqrj.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?AF=110788&babsrc=HP_ss&mntrId=9ed8a32200000000000000221912be2a
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=110788&babsrc=adbartrp&mntrId=9ed8a32200000000000000221912be2a&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 57273

Save this as CFScript.txt, in the same location as ComboFix.exe

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Lorgeo · May 25, 2012

Hello Elise,

Can get into safe mode so ran the script. Log follows:

ComboFix 12-05-24.02 - Sharon 05/25/2012 6:22.1.4 - x64 NETWORK

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6077.5238 [GMT -4:00]

Running from: c:\users\Sharon\Desktop\ComboFix.exe

Command switches used :: c:\users\Sharon\Desktop\CFScript.txt

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\SysWow64\bidisp.dll

.

((((((((((((((((((((((((( Files Created from 2012-04-25 to 2012-05-25 )))))))))))))))))))))))))))))))

.

2012-05-25 10:34 . 2012-05-25 10:34 -------- d-----w- c:\users\Public\AppData\Local\temp

2012-05-25 10:34 . 2012-05-25 10:34 -------- d-----w- c:\users\Dragonlady\AppData\Local\temp

2012-05-25 10:34 . 2012-05-25 10:34 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-05-25 01:48 . 2012-05-25 01:48 -------- d-----w- c:\users\Sharon\AppData\Local\Stardock_Corporation

2012-05-25 00:26 . 2012-05-25 10:43 -------- d-----w- c:\users\Sharon\AppData\Local\temp