
Google results are redirected


MarkS1909

Wife's laptop is affected by something; 90% of the results from Google are redirected to some other webpage. I did update and run Malwarebytes and that found nothing. I also ran TDSSKiller, which only found a locked file. Looking for help on getting the laptop searching again....

Thanks for the help...

Mark


Hello,

Please follow the steps from the following article and let me know about the results.

http://forums.malwarebytes.org/index.php?showtopic=9573

Regards,

Georgi

Malwarebytes:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7777

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

9/22/2011 7:46:48 PM

mbam-log-2011-09-22 (19-46-48).txt

Scan type: Full scan (C:\|D:\|E:\|)

Objects scanned: 419616

Time elapsed: 1 hour(s), 34 minute(s), 35 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

-------------------------------------

Ran McAfee:

No infections...

-------------------------------------

Installed Avira AntiVir:

Scan process 'PowerDVDupdt32.exe' - '1' Module(s) have been scanned

Module is infected -> <C:\Users\Sherri\AppData\Local\PowerDVD DX\PowerDVDUpdate\PowerDVDupdt32.exe>

[DETECTION] Is the TR/Dldr.kio.1 Trojan

[NOTE] Process 'PowerDVDupdt32.exe' was terminated

[NOTE] The registration entry <HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PowerDVD DX Update> was removed successfully.

[NOTE] The registration entry <HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\PowerDVD DX Update> was removed successfully.

[NOTE] The registration entry <HKEY_CLASSES_ROOT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PowerDVD DX Update> was removed successfully.

[NOTE] The file was moved to the quarantine directory under the name '4aaf75fd.qua'.

C:\Users\Sherri\AppData\Local\Apple\AppleUpdate\Appleupdt32.exe

[DETECTION] Is the TR/Dldr.KJE Trojan

[NOTE] The registration entry <HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Apple Update> was removed successfully.

[NOTE] The registration entry <HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\Apple Update> was removed successfully.

[NOTE] The registration entry <HKEY_CLASSES_ROOT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Apple Update> was removed successfully.

[NOTE] The file was moved to the quarantine directory under the name '522159ed.qua'.

C:\Users\Sherri\AppData\Local\DataSafeOnline\DataSafeOnlineUpdate\DataSafeOnlineupdt32.exe

[DETECTION] Is the TR/Dldr.KJE Trojan

[NOTE] The registration entry <HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\DataSafeOnline Update> was removed successfully.

[NOTE] The registration entry <HKEY_CLASSES_ROOT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\DataSafeOnline Update> was removed successfully.

[NOTE] The file was moved to the quarantine directory under the name '007a030e.qua'.

C:\Users\Sherri\AppData\Local\Apps\AppsUpdate\Appsupdt32.exe

[DETECTION] Is the TR/Dldr.kio.1 Trojan

[NOTE] The registration entry <HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Apps Update> was removed successfully.

[NOTE] The registration entry <HKEY_CLASSES_ROOT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Apps Update> was removed successfully.

[NOTE] The file was moved to the quarantine directory under the name '66494cd7.qua'.

The scan has been done completely.

0 Scanned directories

2070 Files were scanned

4 Viruses and/or unwanted programs were found

0 Files were classified as suspicious

0 files were deleted

0 Viruses and unwanted programs were repaired

4 Files were moved to quarantine

0 Files were renamed

0 Files cannot be scanned

2066 Files not concerned

7 Archives were scanned

0 Warnings

4 Notes

-----------------------------------

Rebooted system and re-ran Avira

Begin scan in 'C:\' <OS>

C:\Users\Sherri\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GUZ2465M\km3w47i8ty[1].htm

[DETECTION] Contains recognition pattern of the HTML/Grimeaw.A HTML script virus

C:\Users\Sherri\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V4AX1EUJ\km3w47i8ty[1].htm

[DETECTION] Contains recognition pattern of the HTML/Grimeaw.A HTML script virus

C:\Users\Sherri\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V4AX1EUJ\km3w47i8ty[2].htm

[DETECTION] Contains recognition pattern of the HTML/Grimeaw.A HTML script virus

C:\Users\Sherri\AppData\Local\Temp\thpm3048919096795293649.tmp

[DETECTION] Is the TR/FakeAV.igjx Trojan

C:\Users\Sherri\AppData\Local\Temp\thpm5776428823684852669.tmp

[DETECTION] Is the TR/Dldr.Tracur.AC.16 Trojan

C:\Users\Sherri\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\68ac45c1-6b7e5344

[0] Archive type: ZIP

--> menu/edit.class

[DETECTION] Contains recognition pattern of the EXP/CVE-2010-0840.BL exploit

--> menu/file.class

[DETECTION] Contains recognition pattern of the EXP/CVE-2010-0840.BW exploit

--> menu/help.class

[DETECTION] Contains recognition pattern of the EXP/CVE-2010-0840.U exploit

--> pocket/object3.class

[DETECTION] Contains recognition pattern of the JAVA/Formduce.A Java virus

C:\Users\Sherri\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\1dd6a40c-17e23994

[0] Archive type: ZIP

--> ________vload.class

[DETECTION] Contains recognition pattern of the EXP/CVE-2008-5353.CG.1 exploit

C:\Users\Sherri\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\24432f51-6df69009

[0] Archive type: ZIP

--> langdriver/Pleme.class

[DETECTION] Contains recognition pattern of the JAVA/Exdoer.FS Java virus

--> langdriver/Stremer.class

[DETECTION] Contains recognition pattern of the JAVA/OpenConnect.W Java virus

--> langdriver/translator.class

[DETECTION] Contains recognition pattern of the EXP/CVE-2010-0840.K exploit

C:\Users\Sherri\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\10d72d13-60e81dd6

[0] Archive type: ZIP

--> langdriver/Pleme.class

[DETECTION] Contains recognition pattern of the JAVA/Exdoer.FS Java virus

--> langdriver/Stremer.class

[DETECTION] Contains recognition pattern of the JAVA/OpenConnect.W Java virus

--> langdriver/translator.class

[DETECTION] Contains recognition pattern of the EXP/CVE-2010-0840.K exploit

C:\Users\Sherri\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\674ba742-727d4ebb

[0] Archive type: ZIP

--> settings/Form.class

[DETECTION] Contains recognition pattern of the JAVA/Exdoer.BK Java virus

--> tools/Commander.class

[DETECTION] Contains recognition pattern of the JAVA/Exdoer.BR Java virus

--> tools/Console.class

[DETECTION] Contains recognition pattern of the JAVA/Exdoer.BQ Java virus

--> tools/Env.class

[DETECTION] Contains recognition pattern of the EXP/CVE-2010-0840.N exploit

--> tools/Syntax.class

[DETECTION] Contains recognition pattern of the JAVA/Exdoer.BJ Java virus

C:\Users\Sherri\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\4031db15-2aeaf914

[0] Archive type: ZIP

--> lort/border.class

[DETECTION] Contains recognition pattern of the EXP/CVE-2010-0840.BN exploit

--> lort/object4.class

[DETECTION] Contains recognition pattern of the EXP/CVE-2010-0840.D exploit

--> menu/edit.class

[DETECTION] Contains recognition pattern of the EXP/CVE-2010-0840.BL exploit

--> menu/file.class

[DETECTION] Contains recognition pattern of the EXP/CVE-2010-0840.BW exploit

--> menu/help.class

[DETECTION] Contains recognition pattern of the EXP/CVE-2010-0840.U exploit

C:\Users\Sherri\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\4f6079e6-684855c8

[0] Archive type: ZIP

--> Keyworq.class

[DETECTION] Contains recognition pattern of the JAVA/Agent.a Java virus

--> Uutecwv.class

[DETECTION] Contains recognition pattern of the EXP/CVE-2009-3867.5 exploit

C:\Users\Sherri\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\683013e7-7c35fa12

[0] Archive type: ZIP

--> folder/Glocker.class

[DETECTION] Contains recognition pattern of the EXP/CVE-2010-0840.BG exploit

--> folder/peternova.class

[DETECTION] Contains recognition pattern of the JAVA/Rast.A Java virus

C:\Users\Sherri\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\73190831-708c1988

[DETECTION] Contains recognition pattern of the EXP/2010-4452.D exploit

C:\Users\Sherri\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\1c0b6af2-1bf2a254

[0] Archive type: ZIP

--> sklif/Hiydcxed.class

[DETECTION] Contains recognition pattern of the EXP/CVE-2008-5353.AA exploit

C:\Users\Sherri\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\46cde3b2-5d740c61

[0] Archive type: ZIP

--> menu/edit.class

[DETECTION] Contains recognition pattern of the EXP/CVE-2010-0840.BL exploit

--> menu/file.class

[DETECTION] Contains recognition pattern of the EXP/CVE-2010-0840.BW exploit

--> menu/help.class

[DETECTION] Contains recognition pattern of the EXP/CVE-2010-0840.U exploit

--> pocket/object3.class

[DETECTION] Contains recognition pattern of the JAVA/Formduce.A Java virus

C:\Users\Sherri\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\3e13a975-6546cce2

[0] Archive type: ZIP

--> been/lipa.class

[DETECTION] Contains recognition pattern of the EXP/CVE-2010-0840.CR.1 exploit

--> plugin/adobe.class

[DETECTION] Contains recognition pattern of the JAVA/Agent.JH Java virus

--> plugin/ping.class

[DETECTION] Contains recognition pattern of the JAVA/Exdoer.AB Java virus

--> plugin/sportGame.class

[DETECTION] Contains recognition pattern of the JAVA/Agent.JG Java virus

C:\Users\Sherri\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\420dadbf-63c2aeb4

[0] Archive type: ZIP

--> g6k1.class

[DETECTION] Contains recognition pattern of the JAVA/Rexec.E Java virus

--> y6u7.class

[DETECTION] Contains recognition pattern of the JAVA/OpenConnec.agw Java virus

--> g5z6.class

[DETECTION] Contains recognition pattern of the EXP/CVE-2010-0094.O exploit

--> q3p0.class

[DETECTION] Contains recognition pattern of the EXP/Java.sgw exploit

--> Tuvvoaerffb.class

[DETECTION] Contains recognition pattern of the EXP/Java.agq exploit

--> b5n3.class

[DETECTION] Contains recognition pattern of the EXP/Java.sbw exploit

C:\Windows\SoftwareDistribution\Download\ce5287396485f886a3051ac552cbdb2f08681033

[0] Archive type: Portable Executable Resource

--> resource54

[1] Archive type: CAB (Microsoft)

--> WriterProdLang.7z

[2] Archive type: 7-Zip

--> WriterProdLang.cab

[3] Archive type: CAB (Microsoft)

--> writerprodlang.msi

[WARNING] The file could not be read!

--> resource86

[1] Archive type: CAB (Microsoft)

--> LanguageSelector64.7z

[2] Archive type: 7-Zip

--> LanguageSelector64.cab

[3] Archive type: CAB (Microsoft)

--> LanguageSelector64.msi

[WARNING] The file could not be read!

C:\Windows\SysWOW64\srrstr.dll

[WARNING] The file could not be opened!

The scan has been done completely.

33063 Scanned directories

526806 Files were scanned

46 Viruses and/or unwanted programs were found

0 Files were classified as suspicious

0 files were deleted

0 Viruses and unwanted programs were repaired

18 Files were moved to quarantine

0 Files were renamed

1 Files cannot be scanned

526759 Files not concerned

8590 Archives were scanned

3 Warnings

18 Notes

Cleaned and rebooted....

------------------------------------------------------

Rescanned after reboot

Starting the file scan:

Begin scan in 'C:\' <OS>

C:\Windows\SoftwareDistribution\Download\ce5287396485f886a3051ac552cbdb2f08681033

[0] Archive type: Portable Executable Resource

--> resource54

[1] Archive type: CAB (Microsoft)

--> WriterProdLang.7z

[2] Archive type: 7-Zip

--> WriterProdLang.cab

[3] Archive type: CAB (Microsoft)

--> writerprodlang.msi

[WARNING] The file could not be read!

--> resource86

[1] Archive type: CAB (Microsoft)

--> LanguageSelector64.7z

[2] Archive type: 7-Zip

--> LanguageSelector64.cab

[3] Archive type: CAB (Microsoft)

--> LanguageSelector64.msi

[WARNING] The file could not be read!

End of the scan: Friday, September 23, 2011 09:46

Used time: 1:47:27 Hour(s)

The scan has been done completely.

33078 Scanned directories

526759 Files were scanned

0 Viruses and/or unwanted programs were found

0 Files were classified as suspicious

0 files were deleted

0 Viruses and unwanted programs were repaired

0 Files were moved to quarantine

0 Files were renamed

0 Files cannot be scanned

526759 Files not concerned

8582 Archives were scanned

2 Warnings

0 Notes

------------------------------------------------------------------

Ran DDS:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Sherri at 10:21:23 on 2011-09-23

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4029.2108 [GMT -4:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

c:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe

C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe

C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe

C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe

C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe

C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe

C:\Program Files (x86)\Java\jre6\bin\jusched.exe

C:\Program Files\Dell\DellDock\DellDock.exe

C:\Program Files (x86)\Southwest Airlines\Ding\Ding.exe

C:\Users\Sherri\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10w_ActiveX.exe

C:\Windows\system32\prevhost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

BHO: {166c7554-45f4-4a4f-bfd0-3487a9c4abd3} - C:\Users\Sherri\AppData\Local\ShellWin32.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\PROGRA~1\mcafee\msk\mskapbho.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO: IEExtension.VDownloaderBHO: {7b523e7c-f096-4e36-a0cb-7efeb5c675c1} - mscoree.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20101112152159.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: FAIESSOHelper Class: {a2f122da-055f-4df7-8f24-7354dbdba85b} - c:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" -automount

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized

uRun: [DirectxNotifierUpdate] rundll32.exe "C:\ProgramData\DirectxNotifierUpdate.dll",DllRegisterServer

mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m

mRun: [FATrayAlert] c:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe

mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun: [FAStartup]

mRun: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r

mRun: [updReg] C:\Windows\UpdReg.EXE

mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"

mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun: [Absolute Notifier] "C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

StartupFolder: C:\Users\Sherri\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe

StartupFolder: C:\Users\Sherri\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DING!.lnk - C:\Program Files (x86)\Southwest Airlines\Ding\Ding.exe

StartupFolder: C:\Users\Sherri\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Sherri\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

uPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.22.0.cab

TCP: DhcpNameServer = 192.168.1.1 71.242.0.12

TCP: Interfaces\{30000658-21FB-4F35-A744-D0902CDED473} : DhcpNameServer = 192.168.1.1 71.242.0.12

TCP: Interfaces\{8B33FE86-99F2-490D-956D-FAA8B5456E0B} : DhcpNameServer = 172.16.1.1

TCP: Interfaces\{9DFA10A8-D069-4D02-87A6-CE6D7E656E86} : DhcpNameServer = 192.168.1.1 71.242.0.12

TCP: Interfaces\{9DFA10A8-D069-4D02-87A6-CE6D7E656E86}\16474777966696 : DhcpNameServer = 192.168.6.1 64.134.255.2 64.134.255.10

TCP: Interfaces\{9DFA10A8-D069-4D02-87A6-CE6D7E656E86}\D4972747C65602245616368602255637F62747 : DhcpNameServer = 192.168.30.1

TCP: Interfaces\{9DFA10A8-D069-4D02-87A6-CE6D7E656E86}\F42726964702F4E656 : DhcpNameServer = 67.91.190.98 67.91.190.99

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

Notify: FastAccess - c:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll

LSA: Notification Packages = scecli FAPassSync

C:\Users\Sherri\AppData\Local\ShellWin32.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll

BHO-X64: McAfee Phishing Filter - No File

BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO-X64: Search Helper - No File

BHO-X64: IEExtension.VDownloaderBHO: {7b523e7c-f096-4e36-a0cb-7efeb5c675c1} - mscoree.dll

BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20101112152159.dll

BHO-X64: scriptproxy - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: FAIESSOHelper Class: {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - c:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll

BHO-X64: FAIESSO Helper Object - No File

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: Yontoo Layers: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll

BHO-X64: Yontoo Layers - No File

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m

mRun-x64: [FATrayAlert] c:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe

mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun-x64: [FAStartup]

mRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r

mRun-x64: [updReg] C:\Windows\UpdReg.EXE

mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"

mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun-x64: [Absolute Notifier] "C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Sherri\AppData\Roaming\Mozilla\Firefox\Profiles\a3z3wo77.default\

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com?o=14776&l=dis

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p=

FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: InvisibleHand: canitbecheaper@trafficbroker.co.uk - %profile%\extensions\canitbecheaper@trafficbroker.co.uk

FF - Ext: XUL Cache: {aa1fd1d8-aafb-42a5-a81d-83adb8938703} - %profile%\extensions\{aa1fd1d8-aafb-42a5-a81d-83adb8938703}

FF - Ext: XULRunner: {E8F056C9-7E95-49EB-AC3B-AEC4106977F1} - C:\Users\Sherri\AppData\Local\{E8F056C9-7E95-49EB-AC3B-AEC4106977F1}

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]

R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]

R2 AbsoluteNotifier;Absolute Notifier;C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [2010-10-8 10408]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2010-4-10 89600]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-9-22 136360]

R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-9-22 269480]

R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]

R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]

R2 FAService;FAService;C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe [2009-6-24 2368776]

R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-8-13 355440]

R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-8-13 355440]

R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-8-13 355440]

R2 McShield;McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2010-8-13 200056]

R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2010-8-13 245352]

R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-8-13 149032]

R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-12-15 656624]

R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [2009-12-23 370688]

R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]

R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]

R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw5v64.sys --> C:\Windows\system32\DRIVERS\NETw5v64.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-13 135664]

S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2009-12-15 79360]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-12-15 79360]

S3 FACAP;facap, FastAccess Video Capture;C:\Windows\system32\DRIVERS\facap.sys --> C:\Windows\system32\DRIVERS\facap.sys [?]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-13 135664]

S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]

S3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2009-12-15 79360]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]

.

=============== Created Last 30 ================

.

2011-09-23 12:35:59 -------- d-----w- C:\Users\Sherri\AppData\Local\{F0660AED-D351-4727-8083-095089BA1581}

2011-09-23 12:35:35 -------- d-----w- C:\Users\Sherri\AppData\Local\{753EA71E-B199-47AB-B551-48782DA223E0}

2011-09-23 00:36:00 -------- d-----w- C:\Users\Sherri\AppData\Roaming\Avira

2011-09-23 00:34:46 -------- d-----w- C:\Users\Sherri\AppData\Local\{489462D2-1221-4F56-8A4B-2BCAD48147D4}

2011-09-23 00:34:34 -------- d-----w- C:\Users\Sherri\AppData\Local\{F4E6D0D3-3405-4E49-B0CF-A33E6BAD9C76}

2011-09-23 00:09:55 88288 ----a-w- C:\Windows\System32\drivers\avgntflt.sys

2011-09-23 00:09:53 -------- d-----w- C:\ProgramData\Avira

2011-09-23 00:09:53 -------- d-----w- C:\Program Files (x86)\Avira

2011-09-22 22:09:22 -------- d-----w- C:\Users\Sherri\AppData\Local\{2360D4D4-F8F8-4A80-826D-8FA617A76959}

2011-09-22 22:09:10 -------- d-----w- C:\Users\Sherri\AppData\Local\{56E9D9B3-262E-475D-BF3C-BE2FE2783342}

2011-09-21 03:15:58 98816 ----a-w- C:\Windows\sed.exe

2011-09-21 03:15:58 518144 ----a-w- C:\Windows\SWREG.exe

2011-09-21 03:15:58 256000 ----a-w- C:\Windows\PEV.exe

2011-09-21 03:15:58 208896 ----a-w- C:\Windows\MBR.exe

2011-09-21 03:15:49 -------- d-s---w- C:\ComboFix

2011-09-20 19:05:14 -------- d-----w- C:\Users\Sherri\AppData\Local\{1A20417F-E317-4AF2-AFFD-27F180AC8000}

2011-09-20 19:04:55 -------- d-----w- C:\Users\Sherri\AppData\Local\{DE21D13F-6FC7-49E1-A6ED-D8C54EFE2034}

2011-09-20 03:25:26 -------- d-----w- C:\Windows\en

2011-09-20 03:22:21 18328 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-09-20 03:15:47 -------- d-----w- C:\Users\Sherri\AppData\Local\{BA0C1260-0898-4166-A4F7-15658CBB8F84}

2011-09-20 03:15:35 -------- d-----w- C:\Users\Sherri\AppData\Local\{F0F7453B-1F93-4E7E-931D-7D3D6E313C45}

2011-09-18 20:49:29 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys

2011-09-18 20:49:29 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll

2011-09-18 20:49:29 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll

2011-09-18 20:49:02 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}

2011-09-18 20:49:02 -------- d-----w- C:\Program Files\iTunes

2011-09-18 20:49:02 -------- d-----w- C:\Program Files\iPod

2011-09-18 20:49:02 -------- d-----w- C:\Program Files (x86)\iTunes

2011-09-18 20:36:01 -------- d-----w- C:\Program Files\Bonjour

2011-09-18 20:36:01 -------- d-----w- C:\Program Files (x86)\Bonjour

2011-09-18 15:35:31 -------- d-----w- C:\Users\Sherri\AppData\Local\{093BD155-E70F-4785-AAE0-EFDF1D92EEF1}

2011-09-18 15:35:21 -------- d-----w- C:\Users\Sherri\AppData\Local\{2BCF6CCB-E124-4C99-AC04-8416A6B9EF7B}

2011-09-16 21:09:33 -------- d-----w- C:\Users\Sherri\AppData\Local\{2ADAF5BD-D261-4430-B037-2C5CF36C036C}

2011-09-16 21:09:19 -------- d-----w- C:\Users\Sherri\AppData\Local\{566F05D9-C4B2-425D-9132-3171841131BD}

2011-09-15 21:44:24 -------- d-----w- C:\Users\Sherri\AppData\Local\{83F12382-2EBA-4A3F-9CC4-6FC1A844B75E}

2011-09-15 21:44:01 -------- d-----w- C:\Users\Sherri\AppData\Local\{CDEEE7F6-CB2C-4402-8D9A-1ED24B1C2191}

2011-09-14 15:36:23 -------- d-----w- C:\Users\Sherri\AppData\Local\{F0CC0224-5838-4227-8561-707206EAAA2F}

2011-09-14 15:36:01 -------- d-----w- C:\Users\Sherri\AppData\Local\{14E6C230-2F75-4B8A-A542-5CE949C76BDE}

2011-09-13 19:55:15 -------- d-----w- C:\Users\Sherri\AppData\Local\{0ED0EBEE-B707-404C-BCAC-246904F33B4B}

2011-09-13 19:54:52 -------- d-----w- C:\Users\Sherri\AppData\Local\{143A1D79-3B85-4231-9448-0F60121A1D68}

2011-09-13 14:49:49 -------- d-----w- C:\Users\Sherri\AppData\Local\{A52564BC-E94E-4455-9210-AA2C42195BB9}

2011-09-12 21:32:34 -------- d-----w- C:\Users\Sherri\AppData\Local\{1DF08661-0F9A-4278-A15F-8FAA20158470}

2011-09-12 21:32:10 -------- d-----w- C:\Users\Sherri\AppData\Local\{DF2A8C64-ED39-4BAF-94C9-17225625CE17}

2011-09-12 17:01:52 -------- d-----w- C:\Users\Sherri\AppData\Local\{DA8B3141-E171-4D83-AFD9-2E48E3F8F1FF}

2011-09-12 17:01:30 -------- d-----w- C:\Users\Sherri\AppData\Local\{905849FD-A7E1-4947-858D-462EAB51A846}

2011-09-12 15:28:17 -------- d-----w- C:\Users\Sherri\AppData\Local\{55538D2D-A0F0-46A8-B457-C0B3CEDFA3E6}

2011-09-09 22:33:22 -------- d-----w- C:\Users\Sherri\AppData\Local\{8648CAD2-5048-47A8-B821-6ED6A6145B95}

2011-09-09 22:33:05 -------- d-----w- C:\Users\Sherri\AppData\Local\{5345DF28-53AC-44C0-94D0-2323E16E96DA}

2011-09-09 13:26:10 -------- d-----w- C:\Users\Sherri\AppData\Local\{F2BC0CCF-1EFC-403D-9A3E-C1770DC63272}

2011-09-09 13:14:59 -------- d-----w- C:\Users\Sherri\AppData\Local\{CB74F2C8-84DA-4405-8F42-1881DE0D0699}

2011-09-09 01:46:10 -------- d-----w- C:\Users\Sherri\AppData\Roaming\Sammsoft

2011-09-09 01:41:18 3486088 ----a-w- C:\Program Files (x86)\Common Files\ApnToolbarInstaller.exe

2011-09-09 01:41:18 143240 ----a-w- C:\Program Files (x86)\Common Files\ApnStub.exe

2011-09-07 18:31:16 -------- d-----w- C:\Users\Sherri\AppData\Local\{FE879462-A1BF-4E57-9014-A3A53833403F}

2011-09-07 18:30:53 -------- d-----w- C:\Users\Sherri\AppData\Local\{2EA5422D-7D96-4DB4-9588-4201644E4F30}

2011-09-06 16:27:08 -------- d-----w- C:\Users\Sherri\AppData\Local\{4EA14423-D63F-4A9C-AA93-B36F922C0128}

2011-09-06 16:26:56 -------- d-----w- C:\Users\Sherri\AppData\Local\{67FDA3A0-60C3-401C-91C9-04089C01EF9D}

2011-09-05 23:39:41 -------- d-----w- C:\Users\Sherri\AppData\Local\{F815ADC4-BB11-4285-B0A7-FD48CA5B0B7C}

2011-09-05 23:39:27 -------- d-----w- C:\Users\Sherri\AppData\Local\{25AC51B7-7001-415C-8F5C-0DB22CAD3A50}

2011-09-05 17:04:56 183696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll

2011-09-05 17:04:56 183696 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll

2011-09-05 01:41:47 -------- d-----w- C:\Users\Sherri\AppData\Local\{B0F6697B-8E32-4CE6-A83B-E037694F8041}

2011-09-05 01:41:26 -------- d-----w- C:\Users\Sherri\AppData\Local\{F1A1CA43-5069-4316-AAE9-43A062D61474}

2011-09-05 00:09:48 -------- d-----w- C:\Users\Sherri\AppData\Local\{4FDB0276-3934-4BFA-9CEB-68DE12CA4636}

2011-09-04 17:09:05 -------- d-----w- C:\Users\Sherri\AppData\Local\{9F2A8F99-FA4D-41E2-8153-7CE711161F77}

2011-08-27 01:14:56 -------- d-----w- C:\race

2011-08-26 21:03:38 -------- d-----w- C:\Users\Sherri\AppData\Local\{167833DD-8952-4CE8-8443-1F1A9F902D44}

2011-08-26 19:03:20 -------- d-----w- C:\Users\Sherri\AppData\Local\{5C341115-9714-4FB2-B57E-325F9F39FD4D}

2011-08-25 18:44:54 -------- d-----w- C:\Users\Sherri\AppData\Local\{C1158720-D94C-455F-A260-C87D6DE99B5E}

2011-08-25 18:44:35 -------- d-----w- C:\Users\Sherri\AppData\Local\{046B6901-EF90-4375-A983-29F047785F3A}

2011-08-25 00:20:28 -------- d-----w- C:\Users\Sherri\AppData\Local\{65BD6D56-F5B2-4390-9B17-10C9F5FC0677}

2011-08-25 00:20:15 -------- d-----w- C:\Users\Sherri\AppData\Local\{7B0F3E6A-A686-429A-988E-BA81DE81E229}

.

==================== Find3M ====================

.

2011-09-12 12:39:04 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-08-31 21:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-08-01 03:30:59 43520 ----a-w- C:\Windows\SysWow64\CmdLineExt03.dll

2011-07-22 05:42:23 2303488 ----a-w- C:\Windows\System32\jscript9.dll

2011-07-22 05:36:16 1389056 ----a-w- C:\Windows\System32\wininet.dll

2011-07-22 05:32:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2011-07-22 02:54:43 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll

2011-07-22 02:48:26 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-07-22 02:44:36 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll

2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll

2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll

2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe

2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2011-07-12 15:34:00 96104 ----a-w- C:\Windows\System32\dns-sd.exe

2011-07-12 15:34:00 85864 ----a-w- C:\Windows\System32\dnssd.dll

2011-07-12 15:34:00 61288 ----a-w- C:\Windows\System32\jdns_sd.dll

2011-07-12 15:34:00 212840 ----a-w- C:\Windows\System32\dnssdX.dll

2011-07-12 15:20:54 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe

2011-07-12 15:20:54 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll

2011-07-12 15:20:54 50536 ----a-w- C:\Windows\SysWow64\jdns_sd.dll

2011-07-12 15:20:54 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll

2011-07-09 05:26:20 2048 ----a-w- C:\Windows\System32\tzres.dll

2011-07-09 04:29:46 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2011-07-09 02:46:28 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys

2011-07-05 22:37:00 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx

2011-07-05 22:37:00 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts

2010-10-16 15:50:24 3056008 ----a-w- C:\Program Files (x86)\Common Files\AskToolbarInstaller.exe

.

============= FINISH: 10:22:15.00 ===============

Attaching attach.txt

--------------------------------------------------

Thanks for helping...

Mark

Attach.zip


Hi Mark, :)

I do not recommend that you have more than one anti-virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (real-time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.

2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Therefore please go to Add/Remove in the Control Panel and remove either McAfee or Avira. (I highly recommend you stick with AVIRA Free Anti-Virus, but it's a personal choice. Please let me know what you will do.)

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Virustotal

When the Virustotal page has finished loading, click the Browse button and navigate to the following file and click Submit.

C:\Users\Sherri\AppData\Local\ShellWin32.dll

Note: if VT says these files have already been analysed, make sure you click "Reanalyse file now".

Please post back the results of the scan in your next post.

If Virustotal is busy, try the same at Virscan: http://virscan.org/

Repeat the steps for the following file:

C:\ProgramData\DirectxNotifierUpdate.dll

Please download ComboFix from the link below:

ComboFix

Save it to your Desktop, but do not run it yet <-- Important!!!

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Please refer to this link for instructions.
  • Double click it & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    Notes: Skip the Recovery Console part as you're running Vista or Windows 7. You can use the Windows DVD to boot into the Vista Recovery Environment if something goes awry.
  • Click on Yes, to continue scanning for malware.
  • If you receive a UAC prompt asking if you want to continue running the program, you should press the Continue button.
  • When finished, it will produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
  • Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.
  • If you no longer have access to your Internet connection after running ComboFix, please reboot to restore it. If that does not restore the connection, then follow the instructions for Manually restoring the Internet connection provided in the "How to Guide" you printed out earlier.

-- Do not touch your mouse/keyboard until the ComboFix scan has completed, as this may cause the process to stall or the computer to lock.

Regards,

Georgi


I went ahead and uninstalled the McAfee products and then performed a full scan with AVIRA ....

-----------------------------------

Starting the file scan:

Begin scan in 'C:\' <OS>

C:\Windows\SoftwareDistribution\Download\ce5287396485f886a3051ac552cbdb2f08681033

[0] Archive type: Portable Executable Resource

--> resource54

[1] Archive type: CAB (Microsoft)

--> WriterProdLang.7z

[2] Archive type: 7-Zip

--> WriterProdLang.cab

[3] Archive type: CAB (Microsoft)

--> writerprodlang.msi

[WARNING] The file could not be read!

--> resource86

[1] Archive type: CAB (Microsoft)

--> LanguageSelector64.7z

[2] Archive type: 7-Zip

--> LanguageSelector64.cab

[3] Archive type: CAB (Microsoft)

--> LanguageSelector64.msi

[WARNING] The file could not be read!

End of the scan: Friday, September 23, 2011 15:44

Used time: 1:04:58 Hour(s)

The scan has been done completely.

32276 Scanned directories

464430 Files were scanned

0 Viruses and/or unwanted programs were found

0 Files were classified as suspicious

0 files were deleted

0 Viruses and unwanted programs were repaired

0 Files were moved to quarantine

0 Files were renamed

0 Files cannot be scanned

464430 Files not concerned

4527 Archives were scanned

2 Warnings

0 Notes

-----------------------------------------------------

Set folders to unhide files....

Went to the Virustotal page and the Virscan page but I was unable to locate those files. I also went into Explorer to manually look up the files, but I cannot find them.

The files in question are:

-DirectxNotifierUpdate.dll

-ShellWin32.dll

When booting the computer an error does appear stating that:

RunDLL - There was a problem starting C:\ProgramData\DirectxNotifierUpdate.dll

The specified module could not be found.

It is possible that a previous scan of the system (Malwarebytes or McAfee) detected and removed them.

--------------------------------------

Running ComboFix.exe from the desktop, it prompted me by saying that:

antivirus: McAfee Anti-Virus and Anti-Spyware

antispyware: McAfee Anti-Virus and Anti-Spyware

The above real time scanner(s) are still active but ComboFix shall

continue to run. Kindly note that this is at your own risk

I ended the process. I was not sure if I should still continue. I did uninstall the McAfee suite that came with the computer.

Please advise.

Thanks

Mark

DirectxNotifierUpdate.dll

ShellWin32.dll
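The two checks Georgi asked for (is the file present even when hidden, and what is its hash for a Virustotal lookup) and the orphaned "RunDLL ... module could not be found" startup entry Mark describes can be verified from one script. This is an added example, not code from the thread or from any of the tools mentioned; the two paths are the ones named in the thread, and it assumes PowerShell 4.0 or later (for Get-FileHash) run from an elevated prompt so the HKLM keys are readable.

```powershell
# Added example (not from the thread). Reports whether the two suspect DLLs exist, hidden or not,
# prints their SHA-256 so they can be looked up on Virustotal without uploading, and lists every
# Run/RunOnce entry whose referenced module is missing on disk, which is what produces the
# "RunDLL - There was a problem starting ..." message at logon after a scanner deletes the file.

$suspectFiles = @(
    'C:\Users\Sherri\AppData\Local\ShellWin32.dll',   # path from the thread
    'C:\ProgramData\DirectxNotifierUpdate.dll'        # path from the thread
)

foreach ($path in $suspectFiles) {
    # -Force makes Get-Item return hidden and system files as well as normal ones
    $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        Write-Output ("MISSING   {0}" -f $path)
        continue
    }
    $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    Write-Output ("PRESENT   {0}  size={1}  attrs={2}  sha256={3}" -f $path, $item.Length, $item.Attributes, $hash)
}

# Autostart keys that rundll32-style loaders commonly use (64-bit and 32-bit views)
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Registry-provider metadata that Get-ItemProperty adds to every result; not real values
$providerProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

function Get-AutorunModulePath {
    # Returns the file a Run value actually loads: for rundll32 command lines the DLL that
    # precedes the comma, otherwise the (possibly quoted) program at the start of the line.
    param([string]$Command)
    $cmd = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if ($cmd -match '^"?[^"]*rundll32(\.exe)?"?\s+"?([^",]+)') {
        return $Matches[2].Trim()
    }
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }
    # Unquoted path with spaces: take everything up to the first executable extension
    if ($cmd -match '^(.+?\.(exe|dll|cmd|bat|scr))(\s|$)') { return $Matches[1] }
    return ($cmd -split '\s+')[0]
}

foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $props = Get-ItemProperty -LiteralPath $key
    foreach ($p in $props.PSObject.Properties) {
        if ($providerProps -contains $p.Name) { continue }
        $module = Get-AutorunModulePath -Command ([string]$p.Value)
        $exists = Test-Path -LiteralPath $module -PathType Leaf
        $state  = if ($exists) { 'ok      ' } else { 'ORPHANED' }
        Write-Output ("{0}  {1}\{2} -> {3}" -f $state, $key, $p.Name, $module)
    }
}
```

An ORPHANED line whose module is one of the two DLLs above confirms the file was removed while its startup entry was left behind; the entry is what still needs cleaning, and the hash of any file that is still present is what to paste into Virustotal's search.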


Hello Mark,

Please follow the instructions below to learn how to uninstall McAfee completely:

http://help.aol.com/help/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=14159

Next please re-run Combofix as described above.

If you receive a note that McAfee is still active, just ignore the Combofix warning and click OK to continue with the scan.

Post the log in your next reply.

Please let me know how it went.

Regards,

Georgi


I ran the tool to uninstall McAfee and it completed....

I then ran ComboFix, which still claimed that "McAfee Anti-Virus and Anti-Spyware" was still active.

I went ahead and continued...

After rebooting a second time to get all desktop icons to work again, I launched Internet Explorer and I'm greeted with a security alert

about "You are about to view pages over a secure connection..."

Also at the bottom of IE, it is prompting me to enable "ShellWin32.dll"

(The ShellWin32.dll add-on from an unknown publisher is ready to use. - ENABLE - DON'T ENABLE)

I left IE as is...

-------------------------------

ComboFix log

ComboFix 11-09-23.03 - Sherri 09/23/2011 19:39:12.2.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4029.2595 [GMT -4:00]

Running from: c:\users\Sherri\Desktop\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\CouponAlert_2pEI

c:\users\Sherri\AppData\Local\{E8F056C9-7E95-49EB-AC3B-AEC4106977F1}

c:\users\Sherri\AppData\Local\{E8F056C9-7E95-49EB-AC3B-AEC4106977F1}\chrome.manifest

c:\users\Sherri\AppData\Local\{E8F056C9-7E95-49EB-AC3B-AEC4106977F1}\chrome\content\_cfg.js

c:\users\Sherri\AppData\Local\{E8F056C9-7E95-49EB-AC3B-AEC4106977F1}\chrome\content\overlay.xul

c:\users\Sherri\AppData\Local\{E8F056C9-7E95-49EB-AC3B-AEC4106977F1}\install.rdf

c:\users\Sherri\AppData\Local\pxc.exe

c:\users\Sherri\AppData\Local\sea.exe

c:\users\Sherri\AppData\Roaming\Install.dat

c:\users\Sherri\AppData\Roaming\Mozilla\Firefox\Profiles\a3z3wo77.default\extensions\{aa1fd1d8-aafb-42a5-a81d-83adb8938703}

c:\users\Sherri\AppData\Roaming\Mozilla\Firefox\Profiles\a3z3wo77.default\extensions\{aa1fd1d8-aafb-42a5-a81d-83adb8938703}\chrome.manifest

c:\users\Sherri\AppData\Roaming\Mozilla\Firefox\Profiles\a3z3wo77.default\extensions\{aa1fd1d8-aafb-42a5-a81d-83adb8938703}\chrome\xulcache.jar

c:\users\Sherri\AppData\Roaming\Mozilla\Firefox\Profiles\a3z3wo77.default\extensions\{aa1fd1d8-aafb-42a5-a81d-83adb8938703}\defaults\preferences\xulcache.js

c:\users\Sherri\AppData\Roaming\Mozilla\Firefox\Profiles\a3z3wo77.default\extensions\{aa1fd1d8-aafb-42a5-a81d-83adb8938703}\install.rdf

c:\windows\SysWow64\Packet.dll

c:\windows\SysWow64\pthreadVC.dll

c:\windows\SysWow64\wpcap.dll

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_NPF

-------\Service_npf

.

.

((((((((((((((((((((((((( Files Created from 2011-08-23 to 2011-09-23 )))))))))))))))))))))))))))))))

.

.

2011-09-23 23:44 . 2011-09-23 23:44 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-09-23 00:36 . 2011-09-23 00:36 -------- d-----w- c:\users\Sherri\AppData\Roaming\Avira

2011-09-23 00:09 . 2011-09-23 00:34 123784 ----a-w- c:\windows\system32\drivers\avipbb.sys

2011-09-23 00:09 . 2011-09-23 00:34 88288 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-09-23 00:09 . 2011-09-23 00:09 -------- d-----w- c:\programdata\Avira

2011-09-23 00:09 . 2011-09-23 00:09 -------- d-----w- c:\program files (x86)\Avira

2011-09-20 03:25 . 2011-09-20 03:25 -------- d-----w- c:\windows\en

2011-09-20 03:22 . 2011-09-20 03:22 -------- d-----w- c:\program files\Windows Live

2011-09-20 03:22 . 2011-09-20 03:22 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-09-18 20:50 . 2011-09-18 21:26 -------- d-----w- c:\users\Sherri\AppData\Roaming\Apple Computer

2011-09-18 20:49 . 2009-05-18 17:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2011-09-18 20:49 . 2008-04-17 16:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll

2011-09-18 20:49 . 2008-04-17 16:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll

2011-09-18 20:49 . 2011-09-18 20:49 -------- dc----w- c:\windows\system32\DRVSTORE

2011-09-18 20:49 . 2011-09-18 20:49 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}

2011-09-18 20:49 . 2011-09-18 20:49 -------- d-----w- c:\program files\iTunes

2011-09-18 20:49 . 2011-09-18 20:49 -------- d-----w- c:\program files (x86)\iTunes

2011-09-18 20:49 . 2011-09-18 20:49 -------- d-----w- c:\program files\iPod

2011-09-18 20:36 . 2011-09-18 20:36 -------- d-----w- c:\program files (x86)\Apple Software Update

2011-09-18 20:36 . 2011-09-18 20:36 -------- d-----w- c:\program files\Common Files\Apple

2011-09-18 20:36 . 2011-09-18 20:36 -------- d-----w- c:\program files\Bonjour

2011-09-18 20:36 . 2011-09-18 20:36 -------- d-----w- c:\program files (x86)\Bonjour

2011-09-12 12:43 . 2011-09-12 12:43 -------- d-----w- c:\program files (x86)\Common Files\Adobe

2011-09-12 12:40 . 2011-09-12 12:40 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR

2011-09-09 01:46 . 2011-09-20 03:06 -------- d-----w- c:\users\Sherri\AppData\Roaming\Sammsoft

2011-09-09 01:41 . 2011-06-09 16:03 3486088 ----a-w- c:\program files (x86)\Common Files\ApnToolbarInstaller.exe

2011-09-09 01:41 . 2011-06-09 16:03 143240 ----a-w- c:\program files (x86)\Common Files\ApnStub.exe

2011-09-05 17:04 . 2011-09-05 17:04 183696 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll

2011-09-05 17:04 . 2011-09-05 17:04 183696 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll

2011-08-27 01:14 . 2011-08-27 01:16 -------- d-----w- C:\race

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-12 12:39 . 2011-07-21 12:48 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-09-05 09:05 . 2009-12-25 21:35 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll

2011-09-05 09:04 . 2009-12-25 21:35 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2011-09-05 09:04 . 2010-05-19 22:40 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2011-09-05 09:04 . 2010-01-24 22:20 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2011-08-31 21:00 . 2010-12-17 02:21 25416 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-01 03:30 . 2010-02-13 21:19 43520 ----a-w- c:\windows\SysWow64\CmdLineExt03.dll

2011-07-23 19:53 . 2011-07-23 19:53 489672 ----a-w- c:\users\Sherri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp\UninstallCouponActivator.exe

2011-07-22 05:42 . 2011-08-10 07:01 2303488 ----a-w- c:\windows\system32\jscript9.dll

2011-07-22 05:36 . 2011-08-10 07:01 1389056 ----a-w- c:\windows\system32\wininet.dll

2011-07-22 05:32 . 2011-08-10 07:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-07-22 02:54 . 2011-08-10 07:01 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll

2011-07-22 02:48 . 2011-08-10 07:01 1126912 ----a-w- c:\windows\SysWow64\wininet.dll

2011-07-22 02:44 . 2011-08-10 07:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2011-07-16 05:41 . 2011-08-09 22:14 362496 ----a-w- c:\windows\system32\wow64win.dll

2011-07-16 05:41 . 2011-08-09 22:14 243200 ----a-w- c:\windows\system32\wow64.dll

2011-07-16 05:41 . 2011-08-09 22:14 13312 ----a-w- c:\windows\system32\wow64cpu.dll

2011-07-16 05:39 . 2011-08-09 22:14 16384 ----a-w- c:\windows\system32\ntvdm64.dll

2011-07-16 05:37 . 2011-08-09 22:14 421888 ----a-w- c:\windows\system32\KernelBase.dll

2011-07-16 05:21 . 2011-08-09 22:14 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 05:21 . 2011-08-09 22:14 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2011-07-16 05:21 . 2011-08-09 22:14 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll

2011-07-16 05:21 . 2011-08-09 22:14 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2011-07-16 05:21 . 2011-08-09 22:14 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2011-07-16 05:21 . 2011-08-09 22:14 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 05:21 . 2011-08-09 22:14 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2011-07-16 05:21 . 2011-08-09 22:14 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll

2011-07-16 05:21 . 2011-08-09 22:14 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2011-07-16 05:21 . 2011-08-09 22:14 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2011-07-16 05:21 . 2011-08-09 22:14 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2011-07-16 05:21 . 2011-08-09 22:14 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll

2011-07-16 05:21 . 2011-08-09 22:14 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2011-07-16 05:21 . 2011-08-09 22:14 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll

2011-07-16 05:21 . 2011-08-09 22:14 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll

2011-07-16 05:21 . 2011-08-09 22:14 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2011-07-16 05:21 . 2011-08-09 22:14 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll

2011-07-16 05:21 . 2011-08-09 22:14 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2011-07-16 05:21 . 2011-08-09 22:14 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll

2011-07-16 05:21 . 2011-08-09 22:14 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll

2011-07-16 05:21 . 2011-08-09 22:14 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2011-07-16 05:21 . 2011-08-09 22:14 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2011-07-16 05:21 . 2011-08-09 22:14 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll

2011-07-16 05:21 . 2011-08-09 22:14 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll

2011-07-16 05:21 . 2011-08-09 22:14 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2011-07-16 05:21 . 2011-08-09 22:14 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll

2011-07-16 05:21 . 2011-08-09 22:14 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2011-07-16 05:21 . 2011-08-09 22:14 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll

2011-07-16 04:29 . 2011-08-09 22:14 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll

2011-07-16 04:26 . 2011-08-09 22:14 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2011-07-16 04:25 . 2011-08-09 22:14 25600 ----a-w- c:\windows\SysWow64\setup16.exe

2011-07-16 04:24 . 2011-08-09 22:14 5120 ----a-w- c:\windows\SysWow64\wow32.dll

2011-07-16 04:24 . 2011-08-09 22:14 272384 ----a-w- c:\windows\SysWow64\KernelBase.dll

2011-07-16 04:15 . 2011-08-09 22:14 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 22:14 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 22:14 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 22:14 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 22:14 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 22:14 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 22:14 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 22:14 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 22:14 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 22:14 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 22:14 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 22:14 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 22:14 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 22:14 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 22:14 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 22:14 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 22:14 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 22:14 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 22:14 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 22:14 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 22:14 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 22:14 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 22:14 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 22:14 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll

2011-07-16 02:21 . 2011-08-09 22:14 7680 ----a-w- c:\windows\SysWow64\instnm.exe

2011-07-16 02:21 . 2011-08-09 22:14 2048 ----a-w- c:\windows\SysWow64\user.exe

2011-07-16 02:17 . 2011-08-09 22:14 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2011-07-16 02:17 . 2011-08-09 22:14 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 02:17 . 2011-08-09 22:14 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 02:17 . 2011-08-09 22:14 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2011-07-12 15:34 . 2011-07-12 15:34 96104 ----a-w- c:\windows\system32\dns-sd.exe

2011-07-12 15:34 . 2011-07-12 15:34 85864 ----a-w- c:\windows\system32\dnssd.dll

2011-07-12 15:34 . 2011-07-12 15:34 61288 ----a-w- c:\windows\system32\jdns_sd.dll

2011-07-12 15:34 . 2011-07-12 15:34 212840 ----a-w- c:\windows\system32\dnssdX.dll

2011-07-12 15:20 . 2011-07-12 15:20 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe

2011-07-12 15:20 . 2011-07-12 15:20 73064 ----a-w- c:\windows\SysWow64\dnssd.dll

2011-07-12 15:20 . 2011-07-12 15:20 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll

2011-07-12 15:20 . 2011-07-12 15:20 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll

2011-07-09 05:26 . 2011-08-23 21:58 2048 ----a-w- c:\windows\system32\tzres.dll

2011-07-09 04:29 . 2011-08-23 21:58 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2011-07-09 02:46 . 2011-08-09 22:14 288768 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-07-05 22:37 . 2011-07-05 22:37 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx

2011-07-05 22:37 . 2011-07-05 22:37 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts

2010-10-16 15:50 . 2011-03-31 01:29 3056008 ----a-w- c:\program files (x86)\Common Files\AskToolbarInstaller.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{7b523e7c-f096-4e36-a0cb-7efeb5c675c1}]

2010-11-05 01:58 297808 ----a-w- c:\windows\System32\mscoree.dll

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]

2011-07-22 23:53 787744 ----a-w- c:\program files (x86)\Yontoo Layers Runtime\YontooIEClient.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Sherri\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Sherri\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Sherri\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256]

"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" [2009-11-15 33120]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-05-27 15147400]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]

"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2009-06-24 95496]

"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]

"VolPanel"="c:\program files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" [2009-05-05 241789]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-19 494064]

"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

"Absolute Notifier"="c:\program files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe" [2010-10-08 86184]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-19 421736]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]

.

c:\users\Sherri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]

DING!.lnk - c:\program files (x86)\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]

Dropbox.lnk - c:\users\Sherri\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]

2009-06-24 22:31 140552 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-13 135664]

R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2009-12-15 79360]

R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-12-15 79360]

R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [x]

R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-13 135664]

R3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2009-12-15 79360]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]

S2 AbsoluteNotifier;Absolute Notifier;c:\program files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [2010-10-08 10408]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2009-03-03 89600]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]

S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2009-06-24 2368776]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2009-09-17 656624]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]

S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]

S3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-13 22:48]

.

2011-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-13 22:48]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Sherri\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Sherri\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Sherri\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-07-02 3180624]

"RunDLLEntry"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-21 487424]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]

"combofix"="c:\combofix\CF6233.3XE" [2010-11-20 345088]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.1.1 71.242.0.12

FF - ProfilePath - c:\users\Sherri\AppData\Roaming\Mozilla\Firefox\Profiles\a3z3wo77.default\

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com?o=14776&l=dis

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p=

FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: InvisibleHand: canitbecheaper@trafficbroker.co.uk - %profile%\extensions\canitbecheaper@trafficbroker.co.uk

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{166C7554-45F4-4A4F-BFD0-3487A9C4ABD3} - c:\users\Sherri\AppData\Local\ShellWin32.dll

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-DirectxNotifierUpdate - c:\programdata\DirectxNotifierUpdate.dll

Wow6432Node-HKLM-Run-FAStartup - (no file)

Toolbar-Locked - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe

c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe

.

**************************************************************************

.

Completion time: 2011-09-23 19:50:52 - machine was rebooted

ComboFix-quarantined-files.txt 2011-09-23 23:50

.

Pre-Run: 384,375,111,680 bytes free

Post-Run: 387,348,279,296 bytes free

.

- - End Of File - - A305B4D07FAF26925514ACCEFA0D1218

Again thanks for all your help...

Mark


Hi Mark,

After rebooting a second time to get all desktop icons to work again, I launched Internet Explorer and I'm greeted with a security alert

about "You are about to view pages over a secure connection..."

This is a normal message because ComboFix restores some settings to default ones.

Next time when you see it check the box beside "in the future, do not show this warning" and click ok or open Internet Explorer => Click Tools => Internet Options => Advanced => Security and uncheck the "Warn if changing between secure and not secure mode" box.

Also at the bottom of ie, it is prompting me to Enable "ShellWin32.dll"

(The ShellWin32.dll add-on from an unknown publisher is ready to use. - ENABLE - DON'T ENABLE)

I left ie as is...

Could you please do the following:

Open Internet Explorer, click the Tools button, and then click Manage Add-ons.

Under Add-on Types, click Toolbars and Extensions.

Under Show, click All add-ons to display a complete list of the add-ons that reside on your computer.

Take a screenshot and post it in your next reply.

Also please do this:

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :filefind
    ShellWin32.dll
    :regfind
    ShellWin32.dll


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

Delete your copy of Combofix and download a fresh one from here.

Save it to your desktop but do not run it yet ! <--- important !!!

We need to execute a CFScript to clean some remnants.

Please do this:

1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

2. Open notepad => navigate to format and make sure that wordwrap is unchecked. <--- important !!!

3. Copy/paste the text in the codebox below into it:


KILLALL::
SecCenter::
{86355677-4064-3EA7-ABB3-1B136EB04637}
{BE0ED752-0A0B-3FFF-80EC-B2269063014C}
{3D54B793-665E-3129-9103-206115370C8A}
Folder::
c:\program files (x86)\Yontoo Layers Runtime
Registry::
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
ClearJavaCache::

4. Save this as CFScript.txt, in the same location as ComboFix.exe

[image: 3734364_B.gif]

5. Close any open browsers.

6. Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Also reply back to let me know how things are going.

Regards,

Georgi

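The check Georgi is doing by hand above (searching the registry for ShellWin32.dll, then asking whether the file actually exists and where it lives), written out as a small triage script. This is an added example, not part of the thread and not a SystemLook or ComboFix feature: it parses SystemLook-style `:regfind` output and flags COM server / BHO paths that are missing on disk (an orphaned reference, which is what makes IE prompt about an add-on whose DLL is gone) or that live in a user-writable directory such as AppData. The sample input is constructed from the regfind entries posted in this thread plus one benign Flash control line built from the page's Flash10w.ocx entry; the names `parse_regfind`, `triage_entries`, `triage_text` and the injectable `exists` hook are assumptions of this example.

```python
"""Triage SystemLook ':regfind' output for suspicious COM/BHO loader entries.

Added example, not part of the thread and not a SystemLook/ComboFix feature.
Assumed names: parse_regfind, triage_entries, triage_text, and the `exists` hook.
"""
import os
import re
from typing import Callable, Dict, List, Tuple

# Constructed sample modelled on the regfind output posted in the thread.
# The ShellWin32.dll entries reuse the CLSID and path from the page; the Flash
# line is a constructed benign control built from the page's Flash10w.ocx entry.
SAMPLE_REGFIND = r"""
========== regfind ==========

Searching for "ShellWin32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{166C7554-45F4-4A4F-BFD0-3487A9C4ABD3}\InprocServer32]
@="C:\Users\Sherri\AppData\Local\ShellWin32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{166C7554-45F4-4A4F-BFD0-3487A9C4ABD3}\InprocServer32]
@="C:\Users\Sherri\AppData\Local\ShellWin32.dll"

[HKEY_CLASSES_ROOT\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="C:\Windows\SysWOW64\Macromed\Flash\Flash10w.ocx"

-= EOF =-
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^(@|"[^"]*")="(.*)"$')
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")

# Directories an ordinary user can write to. A COM server or BHO loaded from
# here deserves a second look; legitimate ones normally live under
# Program Files or the Windows directory.
USER_WRITABLE_MARKERS = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\temp\\")


def parse_regfind(text: str) -> List[Tuple[str, str, str]]:
    """Return (key, value_name, data) triples from regfind-style output."""
    entries: List[Tuple[str, str, str]] = []
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group(1)
            continue
        value_match = VALUE_RE.match(line)
        if value_match and current_key:
            raw_name, data = value_match.groups()
            name = "(Default)" if raw_name == "@" else raw_name.strip('"')
            entries.append((current_key, name, data))
    return entries


def triage_entries(entries, exists: Callable[[str], bool] = os.path.exists) -> List[Dict[str, object]]:
    """Flag values whose data is a file path that is missing or in a user-writable place."""
    findings: List[Dict[str, object]] = []
    for key, name, data in entries:
        # Drop a trailing resource index such as ", 1" (ToolboxBitmap32 style values).
        path = data.split(",")[0].strip().strip('"')
        if not DRIVE_PATH_RE.match(path):
            continue  # CLSIDs, ProgIDs, numbers: nothing to check on disk
        reasons: List[str] = []
        if any(marker in path.lower() for marker in USER_WRITABLE_MARKERS):
            reasons.append("user-writable location")
        if not exists(path):
            reasons.append("file missing (orphaned reference)")
        if reasons:
            findings.append({"key": key, "value": name, "path": path, "reasons": reasons})
    return findings


def triage_text(text: str, exists: Callable[[str], bool] = os.path.exists) -> List[Dict[str, object]]:
    """Convenience wrapper: parse the log, then triage every entry."""
    return triage_entries(parse_regfind(text), exists)


if __name__ == "__main__":
    # Pretend nothing is on disk, which is what SystemLook's "No files found" reported.
    for finding in triage_text(SAMPLE_REGFIND, exists=lambda _p: False):
        print(f"{finding['key']}\n  {finding['value']} = {finding['path']}\n  -> {', '.join(finding['reasons'])}")
```

On a live machine you would run it with the default `exists` (a real `os.path.exists`) against the SystemLook.txt the tool wrote; the hook is there so the logic can be exercised on a log copied from another system, as in this thread. An entry that is both user-writable and missing is the classic leftover of a removed browser hijacker: the DLL is gone but the CLSID registration still points at it, which is exactly why a CFScript deleting the key is the next step.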

For starters Internet Explorer did not prompt me to Enable "ShellWin32.dll"

Attached are 4 screen shots of the add-ons for Internet Explorer...

Here is the SystemLook result:

-------------------------------

SystemLook 30.07.11 by jpshortstuff

Log created at 22:18 on 23/09/2011 by Sherri

Administrator - Elevation successful

WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== filefind ==========

Searching for "ShellWin32.dll"

No files found.

========== regfind ==========

Searching for "ShellWin32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{166C7554-45F4-4A4F-BFD0-3487A9C4ABD3}\InprocServer32]

@="C:\Users\Sherri\AppData\Local\ShellWin32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{166C7554-45F4-4A4F-BFD0-3487A9C4ABD3}\InprocServer32]

@="C:\Users\Sherri\AppData\Local\ShellWin32.dll"

-= EOF =-

------------------------------------------------------

ComboFix still stated that "McAfee Anti-Virus and Anti-Spyware" was still active.

Clicked ok to continue...

Results:

-------------------------------------------------------

ComboFix 11-09-23.03 - Sherri 09/23/2011 22:31:15.3.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4029.2593 [GMT -4:00]

Running from: c:\users\Sherri\Desktop\ComboFix.exe

Command switches used :: c:\users\Sherri\Desktop\CFScript.txt

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\Yontoo Layers Runtime

c:\program files (x86)\Yontoo Layers Runtime\YontooIEClient.dll

.

.

((((((((((((((((((((((((( Files Created from 2011-08-24 to 2011-09-24 )))))))))))))))))))))))))))))))

.

.

2011-09-24 02:35 . 2011-09-24 02:35 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-09-23 00:36 . 2011-09-23 00:36 -------- d-----w- c:\users\Sherri\AppData\Roaming\Avira

2011-09-23 00:09 . 2011-09-23 00:34 123784 ----a-w- c:\windows\system32\drivers\avipbb.sys

2011-09-23 00:09 . 2011-09-23 00:34 88288 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-09-23 00:09 . 2011-09-23 00:09 -------- d-----w- c:\programdata\Avira

2011-09-23 00:09 . 2011-09-23 00:09 -------- d-----w- c:\program files (x86)\Avira

2011-09-20 03:25 . 2011-09-20 03:25 -------- d-----w- c:\windows\en

2011-09-20 03:22 . 2011-09-20 03:22 -------- d-----w- c:\program files\Windows Live

2011-09-20 03:22 . 2011-09-20 03:22 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-09-18 20:50 . 2011-09-18 21:26 -------- d-----w- c:\users\Sherri\AppData\Roaming\Apple Computer

2011-09-18 20:49 . 2009-05-18 17:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2011-09-18 20:49 . 2008-04-17 16:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll

2011-09-18 20:49 . 2008-04-17 16:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll

2011-09-18 20:49 . 2011-09-18 20:49 -------- dc----w- c:\windows\system32\DRVSTORE

2011-09-18 20:49 . 2011-09-18 20:49 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}

2011-09-18 20:49 . 2011-09-18 20:49 -------- d-----w- c:\program files\iTunes

2011-09-18 20:49 . 2011-09-18 20:49 -------- d-----w- c:\program files (x86)\iTunes

2011-09-18 20:49 . 2011-09-18 20:49 -------- d-----w- c:\program files\iPod

2011-09-18 20:36 . 2011-09-18 20:36 -------- d-----w- c:\program files (x86)\Apple Software Update

2011-09-18 20:36 . 2011-09-18 20:36 -------- d-----w- c:\program files\Common Files\Apple

2011-09-18 20:36 . 2011-09-18 20:36 -------- d-----w- c:\program files\Bonjour

2011-09-18 20:36 . 2011-09-18 20:36 -------- d-----w- c:\program files (x86)\Bonjour

2011-09-12 12:43 . 2011-09-12 12:43 -------- d-----w- c:\program files (x86)\Common Files\Adobe

2011-09-12 12:40 . 2011-09-12 12:40 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR

2011-09-09 01:46 . 2011-09-20 03:06 -------- d-----w- c:\users\Sherri\AppData\Roaming\Sammsoft

2011-09-09 01:41 . 2011-06-09 16:03 3486088 ----a-w- c:\program files (x86)\Common Files\ApnToolbarInstaller.exe

2011-09-09 01:41 . 2011-06-09 16:03 143240 ----a-w- c:\program files (x86)\Common Files\ApnStub.exe

2011-09-05 17:04 . 2011-09-05 17:04 183696 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll

2011-09-05 17:04 . 2011-09-05 17:04 183696 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll

2011-08-27 01:14 . 2011-08-27 01:16 -------- d-----w- C:\race

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-12 12:39 . 2011-07-21 12:48 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-09-05 09:05 . 2009-12-25 21:35 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll

2011-09-05 09:04 . 2009-12-25 21:35 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2011-09-05 09:04 . 2010-05-19 22:40 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2011-09-05 09:04 . 2010-01-24 22:20 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2011-08-31 21:00 . 2010-12-17 02:21 25416 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-01 03:30 . 2010-02-13 21:19 43520 ----a-w- c:\windows\SysWow64\CmdLineExt03.dll

2011-07-23 19:53 . 2011-07-23 19:53 489672 ----a-w- c:\users\Sherri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp\UninstallCouponActivator.exe

2011-07-22 05:42 . 2011-08-10 07:01 2303488 ----a-w- c:\windows\system32\jscript9.dll

2011-07-22 05:36 . 2011-08-10 07:01 1389056 ----a-w- c:\windows\system32\wininet.dll

2011-07-22 05:32 . 2011-08-10 07:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-07-22 02:54 . 2011-08-10 07:01 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll

2011-07-22 02:48 . 2011-08-10 07:01 1126912 ----a-w- c:\windows\SysWow64\wininet.dll

2011-07-22 02:44 . 2011-08-10 07:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2011-07-16 05:41 . 2011-08-09 22:14 362496 ----a-w- c:\windows\system32\wow64win.dll

2011-07-16 05:41 . 2011-08-09 22:14 243200 ----a-w- c:\windows\system32\wow64.dll

2011-07-16 05:41 . 2011-08-09 22:14 13312 ----a-w- c:\windows\system32\wow64cpu.dll

2011-07-16 05:39 . 2011-08-09 22:14 16384 ----a-w- c:\windows\system32\ntvdm64.dll

2011-07-16 05:37 . 2011-08-09 22:14 421888 ----a-w- c:\windows\system32\KernelBase.dll

2011-07-16 05:21 . 2011-08-09 22:14 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 05:21 . 2011-08-09 22:14 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2011-07-16 05:21 . 2011-08-09 22:14 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll

2011-07-16 05:21 . 2011-08-09 22:14 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2011-07-16 05:21 . 2011-08-09 22:14 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2011-07-16 05:21 . 2011-08-09 22:14 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 05:21 . 2011-08-09 22:14 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2011-07-16 05:21 . 2011-08-09 22:14 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll

2011-07-16 05:21 . 2011-08-09 22:14 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2011-07-16 05:21 . 2011-08-09 22:14 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2011-07-16 05:21 . 2011-08-09 22:14 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2011-07-16 05:21 . 2011-08-09 22:14 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll

2011-07-16 05:21 . 2011-08-09 22:14 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2011-07-16 05:21 . 2011-08-09 22:14 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll

2011-07-16 05:21 . 2011-08-09 22:14 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll

2011-07-16 05:21 . 2011-08-09 22:14 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2011-07-16 05:21 . 2011-08-09 22:14 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll

2011-07-16 05:21 . 2011-08-09 22:14 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2011-07-16 05:21 . 2011-08-09 22:14 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll

2011-07-16 05:21 . 2011-08-09 22:14 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll

2011-07-16 05:21 . 2011-08-09 22:14 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2011-07-16 05:21 . 2011-08-09 22:14 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2011-07-16 05:21 . 2011-08-09 22:14 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll

2011-07-16 05:21 . 2011-08-09 22:14 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll

2011-07-16 05:21 . 2011-08-09 22:14 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2011-07-16 05:21 . 2011-08-09 22:14 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll

2011-07-16 05:21 . 2011-08-09 22:14 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2011-07-16 05:21 . 2011-08-09 22:14 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll

2011-07-16 04:29 . 2011-08-09 22:14 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll

2011-07-16 04:26 . 2011-08-09 22:14 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2011-07-16 04:25 . 2011-08-09 22:14 25600 ----a-w- c:\windows\SysWow64\setup16.exe

2011-07-16 04:24 . 2011-08-09 22:14 5120 ----a-w- c:\windows\SysWow64\wow32.dll

2011-07-16 04:24 . 2011-08-09 22:14 272384 ----a-w- c:\windows\SysWow64\KernelBase.dll

2011-07-16 04:15 . 2011-08-09 22:14 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 22:14 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 22:14 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 22:14 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 22:14 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 22:14 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 22:14 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 22:14 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 22:14 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 22:14 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 22:14 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 22:14 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 22:14 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 22:14 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 22:14 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 22:14 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 22:14 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 22:14 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 22:14 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 22:14 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 22:14 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 22:14 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 22:14 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll

2011-07-16 04:15 . 2011-08-09 22:14 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll

2011-07-16 02:21 . 2011-08-09 22:14 7680 ----a-w- c:\windows\SysWow64\instnm.exe

2011-07-16 02:21 . 2011-08-09 22:14 2048 ----a-w- c:\windows\SysWow64\user.exe

2011-07-16 02:17 . 2011-08-09 22:14 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2011-07-16 02:17 . 2011-08-09 22:14 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 02:17 . 2011-08-09 22:14 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 02:17 . 2011-08-09 22:14 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2011-07-12 15:34 . 2011-07-12 15:34 96104 ----a-w- c:\windows\system32\dns-sd.exe

2011-07-12 15:34 . 2011-07-12 15:34 85864 ----a-w- c:\windows\system32\dnssd.dll

2011-07-12 15:34 . 2011-07-12 15:34 61288 ----a-w- c:\windows\system32\jdns_sd.dll

2011-07-12 15:34 . 2011-07-12 15:34 212840 ----a-w- c:\windows\system32\dnssdX.dll

2011-07-12 15:20 . 2011-07-12 15:20 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe

2011-07-12 15:20 . 2011-07-12 15:20 73064 ----a-w- c:\windows\SysWow64\dnssd.dll

2011-07-12 15:20 . 2011-07-12 15:20 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll

2011-07-12 15:20 . 2011-07-12 15:20 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll

2011-07-09 05:26 . 2011-08-23 21:58 2048 ----a-w- c:\windows\system32\tzres.dll

2011-07-09 04:29 . 2011-08-23 21:58 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2011-07-09 02:46 . 2011-08-09 22:14 288768 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-07-05 22:37 . 2011-07-05 22:37 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx

2011-07-05 22:37 . 2011-07-05 22:37 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts

2010-10-16 15:50 . 2011-03-31 01:29 3056008 ----a-w- c:\program files (x86)\Common Files\AskToolbarInstaller.exe

.

.

((((((((((((((((((((((((((((( SnapShot@2011-09-23_23.46.24 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-07-14 04:54 . 2011-09-23 23:31 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2011-09-24 02:38 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2011-09-24 02:38 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2011-09-23 23:31 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2011-09-23 23:31 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2011-09-24 02:38 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-12-15 20:53 . 2011-09-24 00:15 54242 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2011-09-24 00:15 44226 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-01-07 14:23 . 2011-09-24 00:15 17050 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2690401071-4041784352-2135043583-1001_UserData.bin

+ 2009-12-25 15:36 . 2011-09-24 02:16 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-12-25 15:36 . 2011-09-23 22:43 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-12-25 15:36 . 2011-09-23 22:43 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-12-25 15:36 . 2011-09-24 02:16 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2011-09-24 02:16 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2011-09-23 22:43 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-12-27 08:17 . 2011-09-24 00:11 5952 c:\windows\system32\wdi\ERCQueuedResolutions.dat

- 2011-09-23 23:45 . 2011-09-23 23:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-09-24 02:35 . 2011-09-24 02:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2011-09-23 23:45 . 2011-09-23 23:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-09-24 02:35 . 2011-09-24 02:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-07-14 05:01 . 2011-09-24 02:35 426816 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2011-09-23 23:45 426816 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2010-11-22 14:07 . 2011-09-24 02:35 2258792 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2690401071-4041784352-2135043583-1001-8192.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{166C7554-45F4-4A4F-BFD0-3487A9C4ABD3}]

c:\users\Sherri\AppData\Local\ShellWin32.dll [bU]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{7b523e7c-f096-4e36-a0cb-7efeb5c675c1}]

2010-11-05 01:58 297808 ----a-w- c:\windows\System32\mscoree.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Sherri\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Sherri\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Sherri\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256]

"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" [2009-11-15 33120]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-05-27 15147400]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]

"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2009-06-24 95496]

"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]

"VolPanel"="c:\program files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" [2009-05-05 241789]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-19 494064]

"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

"Absolute Notifier"="c:\program files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe" [2010-10-08 86184]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-19 421736]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]

"FAStartup"="" [bU]

.

c:\users\Sherri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]

DING!.lnk - c:\program files (x86)\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]

Dropbox.lnk - c:\users\Sherri\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]

2009-06-24 22:31 140552 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-13 135664]

R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2009-12-15 79360]

R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-12-15 79360]

R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [x]

R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-13 135664]

R3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2009-12-15 79360]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]

S2 AbsoluteNotifier;Absolute Notifier;c:\program files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [2010-10-08 10408]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2009-03-03 89600]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]

S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2009-06-24 2368776]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2009-09-17 656624]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]

S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]

S3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-13 22:48]

.

2011-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-13 22:48]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Sherri\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Sherri\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Sherri\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"RunDLLEntry"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-21 487424]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.1.1 71.242.0.12

FF - ProfilePath - c:\users\Sherri\AppData\Roaming\Mozilla\Firefox\Profiles\a3z3wo77.default\

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com?o=14776&l=dis

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p=

FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: InvisibleHand: canitbecheaper@trafficbroker.co.uk - %profile%\extensions\canitbecheaper@trafficbroker.co.uk

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe

c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe

.

**************************************************************************

.

Completion time: 2011-09-23 22:44:02 - machine was rebooted

ComboFix-quarantined-files.txt 2011-09-24 02:44

ComboFix2.txt 2011-09-23 23:50

.

Pre-Run: 387,457,921,024 bytes free

Post-Run: 387,441,451,008 bytes free

.

- - End Of File - - 79CB531914371A1EAC29DB802320BE38

----------------------------------------------------------------

I did a few searches on google, and currently I'm NOT getting redirected...

Mark



Hi Mark,

I am sorry for the delayed response.

I had some personal issues to resolve.

We need to repeat the scan with SystemLook but this time using the x64 version.

Please download SystemLook from the link below and save it to your Desktop.

SystemLook_x64.exe

  • Double-click SystemLook_x64.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :filefind
    ShellWin32.dll
    :folderfind
    McAfee
    Yontoo
    :regfind
    ShellWin32.dll
    McAfee
    Yontoo


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

I did a few searches on google, and currently I'm NOT getting redirected...

Yes, because Combofix removed the infected files that caused the redirects.

Upgrading Java:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. NOT supported for use in 9x or ME

Upgrading Java:

  • Download the latest version of Java SE Runtime Environment (JRE) JRE 6 Update 27.
  • Click the JDK 6 Update 27 JRE "Download JRE" button to the right.
  • Select your Platform, Register and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u27-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel > Programs, click on Uninstall a program and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the jre-6u27-windows-i586.exe and select "Run as an Administrator.")

Your Mozilla Firefox is out of date!

You can download and install the latest version 6.0.2 from here.

Please do a backup of your existing profile using Mozbackup or FEBE before you proceed with the update.

When booting computer an error does appear stating that:

RunDLL - There was a problem starting C:\ProgramData\DirectxNotifierUpdate.dll

The specified module could not be found.

Do you still get the following error during reboot?

Run Scan with Malwarebytes

I see you have Malwarebytes' Anti-Malware installed on your computer.

Please start the application by double-clicking on its icon.

Once the program has loaded, go to the UPDATE tab and check for updates.

When the update is complete, select the Scanner tab.

Select Perform quick scan, then click Scan.

When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click Remove Selected.

When completed, a log will open in Notepad.

Please save it to a convenient location and post the results in your next reply.

Please download aswMBR.exe to your desktop.

  • Double click the aswMBR.exe icon to run it.
  • The program will offer to download the latest antivirus definitions from Avast servers. Click YES to agree.
  • When it's done, in the AV Scan drop-down options choose C:\
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Note - do NOT attempt any Fix or FixMBR yet.

We need to run an OTL Custom Scan

  • Please download OTL from the link below:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • OTL should now start. Change the following settings:

    - Click on the Scan All Users checkbox given at the top.
    - Under File Scans, change File age to 90
    - On the upper right be sure Use Company-Name WhiteList, Skip Microsoft Files and Use No-Company-Name-Whitelist are checked
    - Check the boxes beside LOP Check and Purity Check

  • Copy and Paste the following code into the custom scan textbox.

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    %SYSTEMDRIVE%\*.*
    %USERPROFILE%\*.*
    %USERPROFILE%\AppData\Local\*.*
    %USERPROFILE%\AppData\Roaming\*.*
    %ProgramData%\*.*
    %CommonProgramFiles%\*.*
    %PROGRAMFILES%\*.*
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s

  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:

    - OTL.txt <-- Will be opened
    - Extra.txt <-- Will be minimized

Regards,

Georgi

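Georgi's SystemLook request singles out the one entry in the "Reg Loading Points" section of the ComboFix log above that loads a DLL from the user's own profile: the Browser Helper Object pointing at c:\users\Sherri\AppData\Local\ShellWin32.dll, for which ComboFix printed no file date or size. As an added example (my own code, not from this thread, ComboFix or SystemLook), the Python script below applies that same triage to that section of a log: it walks each registry key, pulls the target path out of every value line, and flags entries whose target lives in a user-writable directory or for which no date/size was recorded. The sample log text is constructed from a handful of lines copied from the log above; the names triage, Finding, classify_key and report are my own.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: a few "Reg Loading Points" lines copied from the ComboFix
# log in this thread, cut down to the entries needed to exercise each check.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{166C7554-45F4-4A4F-BFD0-3487A9C4ABD3}]
c:\users\Sherri\AppData\Local\ShellWin32.dll [bU]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{7b523e7c-f096-4e36-a0cb-7efeb5c675c1}]
2010-11-05 01:58 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-05-27 15147400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"FAStartup"="" [bU]
"""

KEY_RE = re.compile(r"^\[(.+)\]$")                              # [HKEY_...] header
PATH_RE = re.compile(r'([A-Za-z]:\\[^"\[\]]*?)"?\s*(?:\[|$)')  # drive-letter path
DATE_RE = re.compile(r"\d{4}-\d{2}-\d{2}")                       # file date, any position

# Directories a standard user can write to. Most legitimate autoruns and BHOs
# install under Program Files or the Windows directory, so a load from one of
# these is worth a second look (not proof of infection: Dropbox, for example,
# legitimately runs from AppData\Roaming).
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")


@dataclass
class Finding:
    key: str
    loader: str
    line: str
    path: Optional[str]
    reasons: List[str] = field(default_factory=list)


def classify_key(key: str) -> str:
    """Name the load mechanism from the registry key the entry sits under."""
    k = key.lower()
    if "browser helper objects" in k:
        return "BHO"
    if k.endswith("\\run"):
        return "Run"
    return "other"


def triage(log_text: str) -> List[Finding]:
    """Walk the Reg Loading Points section and return the entries worth review."""
    findings: List[Finding] = []
    current_key: Optional[str] = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix separates keys with "."
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        if current_key is None:
            continue
        pm = PATH_RE.search(line)
        path = pm.group(1).rstrip() if pm else None
        reasons: List[str] = []
        if path is None:
            reasons.append("no target file path recorded")
        elif any(part in path.lower() for part in USER_WRITABLE):
            reasons.append("target lives in a user-writable directory")
        if not DATE_RE.search(line):
            reasons.append("ComboFix recorded no date/size for the target")
        if reasons:
            findings.append(Finding(current_key, classify_key(current_key), line, path, reasons))
    return findings


def report(findings: List[Finding]) -> str:
    """Render findings as the short review list a helper would read."""
    out = []
    for f in findings:
        out.append(f"[{f.loader}] {f.path or f.line}")
        for r in f.reasons:
            out.append(f"    - {r}")
        out.append(f"    key: {f.key}")
    return "\n".join(out)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

Run on the sample, the script reports two entries: the ShellWin32.dll BHO (user-writable path and no date/size) and the empty FAStartup Run value (no path and no date/size); mscoree.dll, Skype and UpdReg pass because they sit under Windows or Program Files and carry a recorded date. The flags are review prompts, not verdicts; they are exactly the sort of entry to confirm with a SystemLook filefind/regfind pass as Georgi does above.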

Downloaded system look and results are posted:

--------------------------------------------

SystemLook 30.07.11 by jpshortstuff

Log created at 21:46 on 25/09/2011 by Sherri

Administrator - Elevation successful

========== filefind ==========

Searching for "ShellWin32.dll"

No files found.

========== folderfind ==========

Searching for "McAfee"

C:\Users\Sherri\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\ProgramData\McAfee d------ [15:01 14/08/2010]

C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\McAfee d------ [01:32 29/10/2010]

Searching for "Yontoo"

No folders found.

========== regfind ==========

Searching for "ShellWin32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{166C7554-45F4-4A4F-BFD0-3487A9C4ABD3}\InprocServer32]

@="C:\Users\Sherri\AppData\Local\ShellWin32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{166C7554-45F4-4A4F-BFD0-3487A9C4ABD3}\InprocServer32]

@="C:\Users\Sherri\AppData\Local\ShellWin32.dll"

Searching for "McAfee"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2690401071-4041784352-2135043583-1001\SOFTWARE\McAfee]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74EC0DAF-A972-43D5-A6CC-D819F9EE4E9F}\LocalServer32]

@=""C:\Program Files (x86)\McAfee\MPS\mpsalert.exe""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7E4A46C-4CA2-4024-BBF1-A6E43EA7A447}]

@="McAfee TimeGrid Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7E4A46C-4CA2-4024-BBF1-A6E43EA7A447}\ToolboxBitmap32]

@="C:\Program Files (x86)\mcafee\mps\mctgrid.dll, 102"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\McTGrid.TimeGrid]

@="McAfee TimeGrid Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\McTGrid.TimeGrid.1]

@="McAfee TimeGrid Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\McAfeeInstaller]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\mcafeeupdater]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\McTGrid.TimeGrid]

@="McAfee TimeGrid Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\McTGrid.TimeGrid.1]

@="McAfee TimeGrid Class"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CFWIDS\0000]

"DeviceDesc"="McAfee Inc. cfwids"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFEAVFK02\0000]

"DeviceDesc"="McAfee Inc."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFEFIREK01\0000]

"DeviceDesc"="McAfee Inc."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFERKDET\0000]

"DeviceDesc"="McAfee Inc. mferkdet"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{E5AE3DE6-7AF2-4F7A-8042-AB3D4996638A}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|App=C:\Program Files (x86)\Common Files\Mcafee\MNA\McNaSvc.exe|Name=McAfee Network Agent|Desc=McAfee Network Agent|Edge=FALSE|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CFWIDS\0000]

"DeviceDesc"="McAfee Inc. cfwids"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MFEAVFK02\0000]

"DeviceDesc"="McAfee Inc."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MFEFIREK01\0000]

"DeviceDesc"="McAfee Inc."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MFERKDET\0000]

"DeviceDesc"="McAfee Inc. mferkdet"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{E5AE3DE6-7AF2-4F7A-8042-AB3D4996638A}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|App=C:\Program Files (x86)\Common Files\Mcafee\MNA\McNaSvc.exe|Name=McAfee Network Agent|Desc=McAfee Network Agent|Edge=FALSE|"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CFWIDS\0000]

"DeviceDesc"="McAfee Inc. cfwids"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFEAVFK02\0000]

"DeviceDesc"="McAfee Inc."

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFEFIREK01\0000]

"DeviceDesc"="McAfee Inc."

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFERKDET\0000]

"DeviceDesc"="McAfee Inc. mferkdet"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{E5AE3DE6-7AF2-4F7A-8042-AB3D4996638A}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|App=C:\Program Files (x86)\Common Files\Mcafee\MNA\McNaSvc.exe|Name=McAfee Network Agent|Desc=McAfee Network Agent|Edge=FALSE|"

[HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\McAfee Trust]

[HKEY_USERS\S-1-5-21-2690401071-4041784352-2135043583-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2690401071-4041784352-2135043583-1001\SOFTWARE\McAfee]

[HKEY_USERS\S-1-5-18\Software\Microsoft\SystemCertificates\McAfee Trust]

Searching for "Yontoo"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\yontoo.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\YontooIEClient.DLL]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}]

@="YontooIEClient"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}\InProcServer32]

@="C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}]

@="Yontoo Layers Api"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\InprocServer32]

@="C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\ProgID]

@="YontooIEClient.Api.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\VersionIndependentProgID]

@="YontooIEClient.Api"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\YontooIEClient.DLL]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}]

@="YontooIEClient"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Api]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Api]

@="Yontoo Layers Api"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Api\CurVer]

@="YontooIEClient.Api.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Api.1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Api.1]

@="Yontoo Layers Api"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}\InProcServer32]

@="C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}]

@="Yontoo Layers Api"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\InprocServer32]

@="C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\ProgID]

@="YontooIEClient.Api.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\VersionIndependentProgID]

@="YontooIEClient.Api"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\YontooIEClient.DLL]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}]

@="YontooIEClient"

[HKEY_USERS\S-1-5-21-2690401071-4041784352-2135043583-1001\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\yontoo.com]

-= EOF =-

--------------------------------------------

upgraded java to the newest version

upgraded firefox to the latest version

Rescanned with Malwarebytes - results are posted

---------------------------------------------

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7801

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

9/26/2011 11:27:41 AM

mbam-log-2011-09-26 (11-27-41).txt

Scan type: Full scan (C:\|)

Objects scanned: 356238

Time elapsed: 1 hour(s), 1 minute(s), 49 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 1

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

c:\Users\Sherri\AppData\Local\msnauthenticationsvc\utilwebsched.dll (IPH.Trojan.Blueinit.W7) -> Delete on reboot.

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\UtilWebSched (IPH.Trojan.Blueinit.W7) -> Value: UtilWebSched -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Users\Sherri\AppData\Local\msnauthenticationsvc\utilwebsched.dll (IPH.Trojan.Blueinit.W7) -> Quarantined and deleted successfully.

-------------------------------------------------------

Rebooted and rescanned with Malwarebytes

-------------------------------------------------------

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7801

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

9/26/2011 12:34:09 PM

mbam-log-2011-09-26 (12-34-09).txt

Scan type: Full scan (C:\|)

Objects scanned: 356368

Time elapsed: 1 hour(s), 2 minute(s), 25 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

(CONT)

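The pair of scans above shows why the rebooted rescan matters: the DLL listed under Memory Modules Infected was still loaded in a process, so the first scan could only mark it "Delete on reboot", and only the second, post-restart scan confirms the artefact is actually gone. As an added example (not part of the original thread, and not Malwarebytes' own tooling), the Python below parses that 1.x log format, pulls out every detection with the signature it matched, and flags items whose removal was deferred to reboot so they can be re-checked after the restart. The embedded sample log is constructed to mirror the format of the posted logs; the user-profile paths, the "examplesvc" folder and the "Example.PUP" signature are placeholders, not values from the thread.

```python
"""
Parser for the Malwarebytes' Anti-Malware 1.x scan-log format.

Added example: the SAMPLE_LOG below is constructed in the same layout as the
logs posted in the thread; its paths and the second signature are placeholders.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Detail-section headers, in the order MBAM 1.x prints them (the summary block
# earlier in the log uses the same words followed by a count, e.g. "... Infected: 1").
SECTIONS = (
    "Memory Processes Infected:",
    "Memory Modules Infected:",
    "Registry Keys Infected:",
    "Registry Values Infected:",
    "Registry Data Items Infected:",
    "Folders Infected:",
    "Files Infected:",
)

# One detection line: "<item> (<signature>) -> [Value: <name> -> ]<action>."
# The lazy <item> plus the ") -> " anchor lets paths containing "(x86)" parse correctly.
DETECTION_RE = re.compile(
    r"^(?P<item>.+?) \((?P<signature>[^()]+)\) -> "
    r"(?:Value: (?P<value>[^>]+?) -> )?(?P<action>.+?)\.?$"
)


@dataclass
class Detection:
    section: str
    item: str
    signature: str
    action: str
    value: Optional[str] = None  # registry value name, for Registry Values entries

    @property
    def pending_reboot(self) -> bool:
        # MBAM defers removal of files it cannot unload (loaded DLLs, running EXEs).
        return "on reboot" in self.action.lower()


def parse_mbam_log(text: str) -> list:
    """Return every detection found in the detail sections of an MBAM 1.x log."""
    detections = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in SECTIONS:          # exact header, not the "...: <count>" summary line
            current = line.rstrip(":")
            continue
        if current is None or line == "(No malicious items detected)":
            continue
        m = DETECTION_RE.match(line)
        if m:
            detections.append(Detection(current, m["item"], m["signature"],
                                        m["action"], m["value"]))
    return detections


def pending_reboot(detections: list) -> list:
    """Items that were still loaded at scan time; verify them again after a restart."""
    return [d.item for d in detections if d.pending_reboot]


def summarize(detections: list) -> dict:
    """Signature name -> number of artefacts (files, keys, values, modules) it matched."""
    counts = {}
    for d in detections:
        counts[d.signature] = counts.get(d.signature, 0) + 1
    return counts


# Constructed sample in the MBAM 1.x layout (placeholder paths and signature).
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7801
Scan type: Full scan (C:\|)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\Users\example\AppData\Local\examplesvc\utilwebsched.dll (IPH.Trojan.Blueinit.W7) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\UtilWebSched (IPH.Trojan.Blueinit.W7) -> Value: UtilWebSched -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\example\AppData\Local\examplesvc\utilwebsched.dll (IPH.Trojan.Blueinit.W7) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Example Layers Runtime\ExampleIEClient.dll (Example.PUP) -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    found = parse_mbam_log(SAMPLE_LOG)
    for d in found:
        print(f"[{d.section}] {d.signature}: {d.item} -> {d.action}")
    print("pending reboot:", pending_reboot(found))
    print("per signature:", summarize(found))
```

Feed it a real log and compare the `pending_reboot` list from the first scan against the detections in the post-reboot scan: an item that is still reported after the restart means the loader (here, the HKCU Run value) or a companion component survived and the cleanup is not finished.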

(CONT)

--------------------------------------------

Scanned with.... and posting log (Did not FixMBR)

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software

Run date: 2011-09-26 12:36:28

-----------------------------

12:36:28.397 OS Version: Windows x64 6.1.7601 Service Pack 1

12:36:28.398 Number of processors: 2 586 0x170A

12:36:28.398 ComputerName: SHERRI-PC UserName: Sherri

12:36:31.696 Initialize success

12:45:39.056 AVAST engine defs: 11092600

12:46:14.130 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

12:46:14.136 Disk 0 Vendor: ST9500420ASG 0004SDM1 Size: 476940MB BusType: 11

12:46:16.197 Disk 0 MBR read successfully

12:46:16.204 Disk 0 MBR scan

12:46:16.256 Disk 0 Windows VISTA default MBR code

12:46:16.266 Service scanning

12:46:21.209 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32

12:46:22.918 Modules scanning

12:46:22.929 Disk 0 trace - called modules:

12:46:22.950 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80049b32c0]<<

12:46:22.954 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004cc1060]

12:46:22.959 3 CLASSPNP.SYS[fffff88001bbe43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004b1e060]

12:46:22.963 \Driver\atapi[0xfffffa8004af9e70] -> IRP_MJ_CREATE -> 0xfffffa80049b32c0

12:46:24.101 AVAST engine scan C:\

14:40:03.073 Scan finished successfully

14:41:03.379 Disk 0 MBR has been saved successfully to "C:\Users\Sherri\Desktop\MBR.dat"

14:41:03.386 The log file has been saved successfully to "C:\Users\Sherri\Desktop\aswMBR.txt"

--------------------------------------------------------------

OTL.txt

OTL logfile created on: 9/26/2011 2:44:46 PM - Run 1

OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Sherri\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.93 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 43.12% Memory free

7.87 Gb Paging File | 5.53 Gb Available in Paging File | 70.28% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 451.07 Gb Total Space | 361.40 Gb Free Space | 80.12% Space Free | Partition Type: NTFS

Drive D: | 4.09 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: SHERRI-PC | User Name: Sherri | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2011/09/26 14:41:39 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Sherri\Desktop\OTL.exe

PRC - [2011/09/26 12:36:03 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Sherri\Desktop\aswMBR.exe

PRC - [2011/09/22 20:34:55 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

PRC - [2011/09/03 02:01:45 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011/05/25 16:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\Sherri\AppData\Roaming\Dropbox\bin\Dropbox.exe

PRC - [2011/04/21 07:53:48 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

PRC - [2011/04/21 07:53:33 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

PRC - [2010/10/08 10:01:14 | 000,010,408 | ---- | M] (Microsoft) -- C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe

PRC - [2010/02/09 13:34:00 | 001,807,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe

PRC - [2009/12/23 17:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

PRC - [2009/09/17 15:05:00 | 000,656,624 | ---- | M] (SoftThinks) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe

PRC - [2009/07/05 17:12:26 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

PRC - [2009/06/24 22:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe

PRC - [2009/06/24 18:31:44 | 001,942,792 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe

PRC - [2009/06/24 18:31:44 | 000,095,496 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe

PRC - [2009/06/24 18:31:22 | 002,368,776 | ---- | M] (Sensible Vision ) -- c:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe

PRC - [2009/06/24 18:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

PRC - [2009/06/18 23:46:28 | 001,554,928 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe

PRC - [2009/06/18 23:46:24 | 000,494,064 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe

PRC - [2009/06/09 12:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe

PRC - [2009/05/21 10:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe

PRC - [2009/05/21 10:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe

PRC - [2006/06/22 14:15:48 | 000,462,848 | ---- | M] (Southwest Airlines) -- C:\Program Files (x86)\Southwest Airlines\Ding\Ding.exe

========== Modules (No Company Name) ==========

MOD - [2011/09/18 03:33:52 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6e9a08576157b4aeb91a3aaa452fcb00\System.Management.ni.dll

MOD - [2011/09/18 03:32:42 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\873449038f590bc102daf0effd94c952\System.Web.Services.ni.dll

MOD - [2011/09/18 03:32:16 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0d43c5e77ee7b8466700b16d7e7d4bb7\System.Windows.Forms.ni.dll

MOD - [2011/09/18 03:32:09 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9e87dd8fe5d0f925d80a6a6eaf74fdb9\System.Drawing.ni.dll

MOD - [2011/09/18 03:31:59 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\16d2854bf69d59d94e64a918365705f1\System.Xml.ni.dll

MOD - [2011/09/18 03:25:01 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\36d0ed3f2a65b9d67933ed46dfcd2ccb\System.Configuration.ni.dll

MOD - [2011/09/18 03:24:58 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\3da7c6c1a0f26ae91883fd8b03ec192d\System.ni.dll

MOD - [2011/09/18 03:24:51 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\16b68fcaff063835ae0ee348a1201f2a\mscorlib.ni.dll

MOD - [2011/09/03 02:01:45 | 001,846,232 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

MOD - [2010/10/24 21:13:38 | 005,969,360 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

MOD - [2010/02/09 13:34:00 | 001,807,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe

MOD - [2010/02/09 13:34:00 | 000,275,776 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll

MOD - [2010/02/09 13:34:00 | 000,152,896 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll

MOD - [2010/02/09 13:34:00 | 000,095,552 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll

MOD - [2010/02/09 13:34:00 | 000,017,728 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll

MOD - [2009/11/03 16:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2009/09/11 14:05:00 | 000,058,608 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll

MOD - [2009/06/24 18:32:34 | 000,089,352 | ---- | M] () -- C:\Windows\SysWOW64\FAIEExtension.dll

MOD - [2009/06/24 18:31:46 | 000,059,144 | ---- | M] () -- C:\Windows\SysWOW64\FAib.dll

MOD - [2009/06/24 18:31:00 | 000,234,760 | ---- | M] () -- C:\Windows\SysWOW64\FACrashRpt.dll

MOD - [2009/06/18 23:46:28 | 001,554,928 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe

MOD - [2009/06/18 23:46:24 | 000,494,064 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe

MOD - [2009/06/18 23:46:20 | 000,584,176 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\BBEngineAS.dll

MOD - [2009/05/20 20:59:48 | 000,375,280 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/01/21 04:10:00 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\stacsv64.exe -- (STacSV)

SRV:64bit: - [2009/06/09 12:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)

SRV:64bit: - [2009/03/03 02:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe -- (AESTFilters)

SRV - [2011/09/22 20:34:55 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011/04/21 07:53:48 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2010/10/08 10:01:14 | 000,010,408 | ---- | M] (Microsoft) [Auto | Running] -- C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe -- (AbsoluteNotifier)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/12/23 17:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)

SRV - [2009/12/15 16:53:35 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)

SRV - [2009/12/15 16:52:43 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)

SRV - [2009/12/15 16:51:44 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe -- (Sound Blaster X-Fi MB Licensing Service)

SRV - [2009/12/15 16:32:27 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)

SRV - [2009/09/17 15:05:00 | 000,656,624 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)

SRV - [2009/07/05 17:12:26 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)

SRV - [2009/06/24 18:31:22 | 002,368,776 | ---- | M] (Sensible Vision ) [Auto | Running] -- c:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe -- (FAService)

SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/05/21 10:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/09/22 20:34:58 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)

DRV:64bit: - [2011/09/22 20:34:57 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)

DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/02/11 12:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 05:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2010/03/15 08:45:28 | 000,145,408 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®

DRV:64bit: - [2010/02/13 18:38:45 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)

DRV:64bit: - [2010/01/21 04:10:00 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)

DRV:64bit: - [2009/11/04 03:58:42 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (HID)

DRV:64bit: - [2009/08/09 17:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)

DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 20:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883)

DRV:64bit: - [2009/07/13 20:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc)

DRV:64bit: - [2009/07/13 20:06:40 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avcstrm.sys -- (AVCSTRM)

DRV:64bit: - [2009/07/13 20:06:39 | 000,056,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mstape.sys -- (MSTAPE)

DRV:64bit: - [2009/07/09 06:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2009/06/26 00:23:30 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2009/06/25 05:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)

DRV:64bit: - [2009/06/25 04:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)

DRV:64bit: - [2009/06/25 04:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)

DRV:64bit: - [2009/06/15 15:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)

DRV:64bit: - [2009/06/10 16:34:36 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink

DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2009/05/13 20:51:40 | 005,435,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5v64.sys -- (NETw5v64) Intel®

DRV:64bit: - [2009/05/09 02:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)

DRV:64bit: - [2009/02/24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)

DRV:64bit: - [2008/09/24 22:36:14 | 000,238,848 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\facap.sys -- (FACAP)

DRV:64bit: - [2008/05/06 17:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)

DRV:64bit: - [2006/11/01 14:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)

DRV:64bit: - [2005/09/23 23:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)

DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 54 75 6C 16 F4 45 4F 4A BF D0 34 87 A9 C4 AB D3 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 54 75 6C 16 F4 45 4F 4A BF D0 34 87 A9 C4 AB D3 [binary data]

IE - HKU\S-1-5-21-2690401071-4041784352-2135043583-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1

IE - HKU\S-1-5-21-2690401071-4041784352-2135043583-1001\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 54 75 6C 16 F4 45 4F 4A BF D0 34 87 A9 C4 AB D3 [binary data]

IE - HKU\S-1-5-21-2690401071-4041784352-2135043583-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2690401071-4041784352-2135043583-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"

FF - prefs.js..browser.search.defaultenginename: "Ask.com"

FF - prefs.js..browser.search.order.1: "Ask.com"

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"

FF - prefs.js..browser.search.selectedEngine: "Ask.com"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.ask.com?o=14776&l=dis"

FF - prefs.js..extensions.enabledItems: canitbecheaper@trafficbroker.co.uk:3.3.0

FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7550

FF - prefs.js..extensions.enabledItems: toolbar@shopathome.com:5.2.0.0

FF - prefs.js..extensions.enabledItems: plugin@yontoo.com:1.20.00

FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p="

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\vitzo.com/VDownloader: C:\Program Files (x86)\VDownloadernewverson\Addons\npVDownloader.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\support@vdownloader.com: C:\Program Files (x86)\VDownloadernewverson\Addons\FireFox

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/26 10:13:20 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/26 09:58:09 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{E8F056C9-7E95-49EB-AC3B-AEC4106977F1}: C:\Users\Sherri\AppData\Local\{E8F056C9-7E95-49EB-AC3B-AEC4106977F1}

[2010/05/16 13:28:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sherri\AppData\Roaming\Mozilla\Extensions

[2011/09/26 09:58:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sherri\AppData\Roaming\Mozilla\Firefox\Profiles\a3z3wo77.default\extensions

[2011/09/20 21:47:53 | 000,000,000 | ---D | M] (InvisibleHand) -- C:\Users\Sherri\AppData\Roaming\Mozilla\Firefox\Profiles\a3z3wo77.default\extensions\canitbecheaper@trafficbroker.co.uk

[2011/09/18 20:13:42 | 000,002,571 | ---- | M] () -- C:\Users\Sherri\AppData\Roaming\Mozilla\Firefox\Profiles\a3z3wo77.default\searchplugins\askcom.xml

[2011/09/26 10:13:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2011/06/15 20:19:42 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2011/09/26 09:47:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}

[2011/09/03 02:01:45 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2011/07/23 15:53:54 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll

[2011/03/18 14:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll

[2011/09/26 09:47:39 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2011/03/18 14:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll

[2011/09/02 19:25:59 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: ()

CHR - default_search_provider: search_url =

CHR - default_search_provider: suggest_url =

O1 HOSTS File: ([2011/09/23 22:39:45 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found

O2 - BHO: (Reg Error: Value error.) - {166C7554-45F4-4A4F-BFD0-3487A9C4ABD3} - C:\Users\Sherri\AppData\Local\ShellWin32.dll File not found

O2 - BHO: (FAIESSOHelper Class) - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - c:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-2690401071-4041784352-2135043583-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O3 - HKU\S-1-5-21-2690401071-4041784352-2135043583-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKU\S-1-5-21-2690401071-4041784352-2135043583-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\SysNative\AmbRunE.DLL (Creative Technology Ltd.)

O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)

O4 - HKLM..\Run: [Absolute Notifier] C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe (Absolute Software)

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()

O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)

O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()

O4 - HKLM..\Run: [FAStartup] File not found

O4 - HKLM..\Run: [FATrayAlert] c:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )

O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)

O4 - HKLM..\Run: [updReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)

O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe (Creative Technology Ltd)

O4 - HKU\S-1-5-21-2690401071-4041784352-2135043583-1001..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe (Alcohol Soft Development Team)

O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found

O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found

O4 - Startup: C:\Users\Sherri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found

O4 - Startup: C:\Users\Sherri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DING!.lnk = C:\Program Files (x86)\Southwest Airlines\Ding\Ding.exe (Southwest Airlines)

O4 - Startup: C:\Users\Sherri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Sherri\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-2690401071-4041784352-2135043583-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-2690401071-4041784352-2135043583-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found

O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab (SysInfo Class)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)

O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)

O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.22.0.cab (SysInfo Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 131.249.64.254 131.249.226.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30000658-21FB-4F35-A744-D0902CDED473}: DhcpNameServer = 192.168.1.1 71.242.0.12

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8B33FE86-99F2-490D-956D-FAA8B5456E0B}: DhcpNameServer = 172.16.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9DFA10A8-D069-4D02-87A6-CE6D7E656E86}: DhcpNameServer = 131.249.64.254 131.249.226.254

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O20 - Winlogon\Notify\FastAccess: DllName - (c:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll) - c:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll ()

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKU\S-1-5-21-2690401071-4041784352-2135043583-1001\...exe [@ = exefile] -- Reg Error: Key error. File not found

MsConfig:64bit - StartUpReg: Jtewuvuw - hkey= - key= - C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

MsConfig:64bit - StartUpReg: Rwiyop - hkey= - key= - C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

MsConfig:64bit - State: "startup" - Reg Error: Key error.

SafeBootMin:64bit: Base - Driver Group

SafeBootMin:64bit: Boot Bus Extender - Driver Group

SafeBootMin:64bit: Boot file system - Driver Group

SafeBootMin:64bit: File system - Driver Group

SafeBootMin:64bit: Filter - Driver Group

SafeBootMin:64bit: HelpSvc - Service

SafeBootMin:64bit: PCI Configuration - Driver Group

SafeBootMin:64bit: PNP Filter - Driver Group

SafeBootMin:64bit: Primary disk - Driver Group

SafeBootMin:64bit: sacsvr - Service

SafeBootMin:64bit: SCSI Class - Driver Group

SafeBootMin:64bit: System Bus Extender - Driver Group

SafeBootMin:64bit: vmms - Service

SafeBootMin:64bit: WinDefend - Service

SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: WinDefend - Service

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: Base - Driver Group

SafeBootNet:64bit: Boot Bus Extender - Driver Group

SafeBootNet:64bit: Boot file system - Driver Group

SafeBootNet:64bit: File system - Driver Group

SafeBootNet:64bit: Filter - Driver Group

SafeBootNet:64bit: HelpSvc - Service

SafeBootNet:64bit: Messenger - Service

SafeBootNet:64bit: NDIS Wrapper - Driver Group

SafeBootNet:64bit: NetBIOSGroup - Driver Group

SafeBootNet:64bit: NetDDEGroup - Driver Group

SafeBootNet:64bit: Network - Driver Group

SafeBootNet:64bit: NetworkProvider - Driver Group

SafeBootNet:64bit: PCI Configuration - Driver Group

SafeBootNet:64bit: PNP Filter - Driver Group

SafeBootNet:64bit: PNP_TDI - Driver Group

SafeBootNet:64bit: Primary disk - Driver Group

SafeBootNet:64bit: rdsessmgr - Service

SafeBootNet:64bit: sacsvr - Service

SafeBootNet:64bit: SCSI Class - Driver Group

SafeBootNet:64bit: Streams Drivers - Driver Group

SafeBootNet:64bit: System Bus Extender - Driver Group

SafeBootNet:64bit: TDI - Driver Group

SafeBootNet:64bit: vmms - Service

SafeBootNet:64bit: WinDefend - Service

SafeBootNet:64bit: WudfUsbccidDriver - Driver

SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WinDefend - Service

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

========== Files/Folders - Created Within 90 Days ==========

[2011/09/26 14:41:39 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Sherri\Desktop\OTL.exe

[2011/09/26 12:35:54 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Sherri\Desktop\aswMBR.exe

[2011/09/26 11:31:09 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{340CC06B-9E88-4CFD-BE1E-593E158A786E}

[2011/09/26 09:48:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2011/09/26 09:32:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MozBackup

[2011/09/26 09:32:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MozBackup

[2011/09/26 09:24:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun

[2011/09/25 22:12:00 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{EB3D8A17-56A4-47AA-8BFB-C69E2C1F5F01}

[2011/09/25 22:11:38 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{0A59E1AB-CA4A-433D-A356-D1853C87579F}

[2011/09/25 19:07:11 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\MSNAuthenticationsvc

[2011/09/23 22:49:30 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2011/09/23 22:44:04 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2011/09/23 22:23:33 | 004,238,357 | R--- | C] (Swearware) -- C:\Users\Sherri\Desktop\ComboFix.exe

[2011/09/23 20:36:54 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{99EC9429-805F-43CB-A334-D2BC57012C8B}

[2011/09/23 20:36:32 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{17FB1106-8611-46E2-BB1E-38682750DFCE}

[2011/09/23 19:38:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2011/09/23 08:35:59 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{F0660AED-D351-4727-8083-095089BA1581}

[2011/09/23 08:35:35 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{753EA71E-B199-47AB-B551-48782DA223E0}

[2011/09/22 20:36:00 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Roaming\Avira

[2011/09/22 20:34:46 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{489462D2-1221-4F56-8A4B-2BCAD48147D4}

[2011/09/22 20:34:34 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{F4E6D0D3-3405-4E49-B0CF-A33E6BAD9C76}

[2011/09/22 20:10:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

[2011/09/22 20:09:55 | 000,123,784 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys

[2011/09/22 20:09:55 | 000,088,288 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys

[2011/09/22 20:09:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira

[2011/09/22 20:09:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira

[2011/09/22 18:09:22 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{2360D4D4-F8F8-4A80-826D-8FA617A76959}

[2011/09/22 18:09:10 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{56E9D9B3-262E-475D-BF3C-BE2FE2783342}

[2011/09/20 23:28:26 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Sherri\Desktop\dds.scr

[2011/09/20 23:15:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2011/09/20 23:15:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2011/09/20 23:15:52 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2011/09/20 23:15:45 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011/09/20 15:05:14 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{1A20417F-E317-4AF2-AFFD-27F180AC8000}

[2011/09/20 15:04:55 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{DE21D13F-6FC7-49E1-A6ED-D8C54EFE2034}

[2011/09/19 23:25:26 | 000,000,000 | ---D | C] -- C:\Windows\en

[2011/09/19 23:22:33 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live

[2011/09/19 23:15:47 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{BA0C1260-0898-4166-A4F7-15658CBB8F84}

[2011/09/19 23:15:35 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{F0F7453B-1F93-4E7E-931D-7D3D6E313C45}

[2011/09/18 16:50:10 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Roaming\Apple Computer

[2011/09/18 16:50:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2011/09/18 16:49:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE

[2011/09/18 16:49:02 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2011/09/18 16:49:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes

[2011/09/18 16:49:02 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2011/09/18 16:49:02 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}

[2011/09/18 16:38:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

[2011/09/18 16:38:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime

[2011/09/18 16:38:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer

[2011/09/18 16:36:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update

[2011/09/18 16:36:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple

[2011/09/18 16:36:01 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2011/09/18 16:36:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour

[2011/09/18 11:35:31 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{093BD155-E70F-4785-AAE0-EFDF1D92EEF1}

[2011/09/18 11:35:21 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{2BCF6CCB-E124-4C99-AC04-8416A6B9EF7B}

[2011/09/16 17:09:33 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{2ADAF5BD-D261-4430-B037-2C5CF36C036C}

[2011/09/16 17:09:19 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{566F05D9-C4B2-425D-9132-3171841131BD}

[2011/09/15 17:44:24 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{83F12382-2EBA-4A3F-9CC4-6FC1A844B75E}

[2011/09/15 17:44:01 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{CDEEE7F6-CB2C-4402-8D9A-1ED24B1C2191}

[2011/09/14 11:36:23 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{F0CC0224-5838-4227-8561-707206EAAA2F}

[2011/09/14 11:36:01 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{14E6C230-2F75-4B8A-A542-5CE949C76BDE}

[2011/09/13 15:55:15 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{0ED0EBEE-B707-404C-BCAC-246904F33B4B}

[2011/09/13 15:54:52 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{143A1D79-3B85-4231-9448-0F60121A1D68}

[2011/09/13 10:49:49 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{A52564BC-E94E-4455-9210-AA2C42195BB9}

[2011/09/12 17:32:34 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{1DF08661-0F9A-4278-A15F-8FAA20158470}

[2011/09/12 17:32:10 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{DF2A8C64-ED39-4BAF-94C9-17225625CE17}

[2011/09/12 13:01:52 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{DA8B3141-E171-4D83-AFD9-2E48E3F8F1FF}

[2011/09/12 13:01:30 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{905849FD-A7E1-4947-858D-462EAB51A846}

[2011/09/12 11:28:17 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{55538D2D-A0F0-46A8-B457-C0B3CEDFA3E6}

[2011/09/12 08:43:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe

[2011/09/12 08:40:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR

[2011/09/09 18:33:22 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{8648CAD2-5048-47A8-B821-6ED6A6145B95}

[2011/09/09 18:33:05 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{5345DF28-53AC-44C0-94D0-2323E16E96DA}

[2011/09/09 09:26:10 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{F2BC0CCF-1EFC-403D-9A3E-C1770DC63272}

[2011/09/09 09:14:59 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{CB74F2C8-84DA-4405-8F42-1881DE0D0699}

[2011/09/08 21:46:10 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Roaming\Sammsoft

[2011/09/08 21:41:18 | 003,486,088 | ---- | C] (Ask) -- C:\Program Files (x86)\Common Files\ApnToolbarInstaller.exe

[2011/09/08 21:41:18 | 000,143,240 | ---- | C] (Ask.com) -- C:\Program Files (x86)\Common Files\ApnStub.exe

[2011/09/07 14:31:16 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{FE879462-A1BF-4E57-9014-A3A53833403F}

[2011/09/07 14:30:53 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{2EA5422D-7D96-4DB4-9588-4201644E4F30}

[2011/09/06 12:27:08 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{4EA14423-D63F-4A9C-AA93-B36F922C0128}

[2011/09/06 12:26:56 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{67FDA3A0-60C3-401C-91C9-04089C01EF9D}

[2011/09/05 19:39:41 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{F815ADC4-BB11-4285-B0A7-FD48CA5B0B7C}

[2011/09/05 19:39:27 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{25AC51B7-7001-415C-8F5C-0DB22CAD3A50}

[2011/09/04 21:41:47 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{B0F6697B-8E32-4CE6-A83B-E037694F8041}

[2011/09/04 21:41:26 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{F1A1CA43-5069-4316-AAE9-43A062D61474}

[2011/09/04 20:09:48 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{4FDB0276-3934-4BFA-9CEB-68DE12CA4636}

[2011/09/04 13:09:05 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{9F2A8F99-FA4D-41E2-8153-7CE711161F77}

[2011/08/26 21:14:56 | 000,000,000 | ---D | C] -- C:\race

[2011/08/26 17:03:38 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{167833DD-8952-4CE8-8443-1F1A9F902D44}

[2011/08/26 15:03:20 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{5C341115-9714-4FB2-B57E-325F9F39FD4D}

[2011/08/25 14:44:54 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{C1158720-D94C-455F-A260-C87D6DE99B5E}

[2011/08/25 14:44:35 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{046B6901-EF90-4375-A983-29F047785F3A}

[2011/08/24 20:20:28 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{65BD6D56-F5B2-4390-9B17-10C9F5FC0677}

[2011/08/24 20:20:15 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{7B0F3E6A-A686-429A-988E-BA81DE81E229}

[2011/08/22 17:32:05 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{78E06CC6-8017-4C52-A0F8-7877250C3C84}

[2011/08/22 17:31:50 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{172FF58A-717D-42BC-8877-9BB1A36B50CD}

[2011/08/21 16:36:20 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{7125701D-7FC2-47D0-BA6B-2BBB8D1EE69D}

[2011/08/21 16:35:55 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{1C5E9158-B189-41EF-850F-4A42D6FAD2AC}

[2011/08/19 15:35:25 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{360F55A4-51F8-43AD-BCCF-D460E77081E1}

[2011/08/19 15:35:13 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{8150DFC7-E0D7-406F-B3DC-5D924A0367BD}

[2011/08/13 12:56:11 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{3A01D7F4-666A-4406-8362-44F77C04EEAE}

[2011/08/13 12:55:50 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{8157C98C-8B82-47DA-A83D-2EB5C21F53F7}

[2011/08/11 11:36:19 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{5A9DD245-0FBD-4E23-BEEA-EBB3CC6146AD}

[2011/08/11 11:36:09 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{4FC7691B-B1B7-48EB-9293-FD5344AC902C}

[2011/08/10 18:29:19 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{A3AE3FD4-061B-4041-8A9F-CD35065BD8F2}

[2011/08/10 18:29:06 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{F4118AA6-9B33-4B71-A2ED-5BC4ED2CC927}

[2011/08/10 15:07:13 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{3517840D-7AC5-4C24-BE5E-6A0C3CCD8574}

[2011/08/10 06:59:53 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{DD84B71D-D791-4B64-9E2C-6306CC1CB525}

[2011/08/10 06:59:39 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{51C84438-4110-4852-B540-E8C9A70FA65D}

[2011/08/09 18:07:51 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{B59CB1E5-F0E2-44CE-A43E-25DF0A861A14}

[2011/08/09 18:07:37 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{5BA3A280-41BA-4744-9B9F-00CD4FAA7389}

[2011/08/09 13:46:18 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{2B0632C5-466B-4578-980B-AC4512D8F6E1}

[2011/08/08 13:21:57 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{A7F30031-C5F7-4EE5-B5CE-0847F06E2933}

[2011/08/08 13:21:35 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{646E9201-8492-469F-840A-7BF2EE04819A}

[2011/08/07 20:20:20 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{98554A11-15EF-46F5-89D4-50356C646F21}

[2011/08/07 20:20:08 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{0A7F5AC6-8639-4E15-B176-31ECB5CAC8E5}

[2011/08/05 12:36:26 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{136353F2-703F-4D95-B3B6-104962ACFC7B}

[2011/08/05 12:36:14 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{AF5488AF-7689-43B4-9292-1158E179F8FC}

[2011/08/04 20:57:43 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{7001DF58-4ED6-48B2-9C2B-FBFAE71757B8}

[2011/08/04 08:57:21 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{0220A592-17AD-42F1-AEC7-A761DA655483}

[2011/08/03 20:56:59 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{D73CC069-C7A6-486B-98BE-E0541630742A}

[2011/08/03 08:18:22 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{F3868349-C681-4457-A53A-D9A5B70C68F2}

[2011/08/02 20:17:59 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{1DB9A4ED-EF34-42AE-8014-3452921A5A05}

[2011/08/02 08:17:24 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{FE79EF27-D8E9-4CB0-BB5D-50FC1B3C3FA5}

[2011/08/01 20:17:02 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{04E8959C-D09B-4E22-85C7-F82D96A13E7F}

[2011/08/01 08:16:13 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{D3FC1861-562D-47B5-B059-B0052894DE62}

[2011/07/31 12:55:47 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{5AC86B14-F6E5-4B96-AD5F-41925E620814}

[2011/07/31 00:53:15 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{EE7FC018-E392-4DE7-9B08-2BEA0AAF9074}

[2011/07/30 10:14:29 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{4504B0C3-02E3-45E3-9E56-F6B18B3E32E9}

[2011/07/28 20:34:58 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{C5DBE26A-B90C-4CEB-9C3B-3774A6122C89}

[2011/07/28 08:34:24 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{ACCD1BF6-2797-4A18-AB7D-CA57CBFAEA4F}

[2011/07/27 20:34:02 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{A2F46103-CD05-40C6-BC40-75321DA3F908}

[2011/07/27 08:33:27 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{1FBC162A-03E5-4A36-8956-03A999E09ED5}

[2011/07/26 20:32:40 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{79F7270E-3A7C-4B7B-A820-22E6E7753FB0}

[2011/07/26 08:19:29 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{3B43D2B9-382B-4B21-9443-41A20F96FB9F}

[2011/07/25 15:21:49 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{C7E05F93-B16C-48B4-921B-B04C1377A4BD}

[2011/07/24 22:30:33 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{F1BAAF70-35D0-4626-91A5-03635A57FE89}

[2011/07/24 10:29:45 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{4344A219-B066-4FE5-92AE-497EC945F5A7}

[2011/07/23 15:53:54 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Roaming\Catalina Marketing Corp

[2011/07/23 15:53:53 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp

[2011/07/23 11:22:40 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{6DD3F5BC-F62E-4D05-BF87-82BE51855D30}

[2011/07/22 20:29:56 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{38283FF4-093F-47FE-8FF2-8F700D8F7488}

[2011/07/21 20:16:58 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{CE89C50A-3BC1-4FBF-9395-043BBABD48BF}

[2011/07/17 21:15:07 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{64B7C515-B63D-4F7F-9820-B92CE088BA75}

[2011/07/15 20:27:02 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{F2ADB9A0-E83C-4D03-8165-0DE1726C928C}

[2011/07/14 08:15:51 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{F2EC98FB-C7A2-4601-98AB-639CC9798921}

[2011/07/13 20:15:05 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{930D07A1-D085-43BF-9598-0AD3B79ADC2C}

[2011/07/09 21:01:46 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{8AFF06A1-B315-4AF7-8C2C-798DAFC541B8}

[2011/07/08 20:15:53 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{28518B5B-16B5-427C-B58E-841930BD5008}

[2011/07/07 20:14:30 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{506BCF06-E61E-496D-8BFF-30799DFAB4FC}

[2011/07/04 13:20:47 | 000,000,000 | ---D | C] -- C:\bailey letters

[2011/06/30 08:07:10 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{20BFE267-3772-4BC5-A424-1A1D06010958}

[2011/03/30 21:29:04 | 003,056,008 | ---- | C] (Ask) -- C:\Program Files (x86)\Common Files\AskToolbarInstaller.exe

[2010/01/06 18:51:43 | 008,656,832 | ---- | C] (Dell, Inc. ) -- C:\Users\Sherri\AppData\Roaming\DataSafeDotNet.exe

========== Files - Modified Within 90 Days ==========

[2011/09/26 14:41:39 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Sherri\Desktop\OTL.exe

[2011/09/26 14:41:03 | 000,000,512 | ---- | M] () -- C:\Users\Sherri\Desktop\MBR.dat

[2011/09/26 13:57:02 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011/09/26 12:36:03 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Sherri\Desktop\aswMBR.exe

[2011/09/26 11:36:23 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011/09/26 11:36:23 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011/09/26 11:29:44 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011/09/26 11:28:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/09/26 11:28:41 | 3168,415,744 | -HS- | M] () -- C:\hiberfil.sys

[2011/09/26 10:13:21 | 000,001,144 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2011/09/26 09:33:00 | 002,206,299 | ---- | M] () -- C:\Users\Sherri\Documents\Firefox 3.6.22 (en-US) - 2011-09-26.pcv

[2011/09/26 09:32:15 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\MozBackup.lnk

[2011/09/25 21:40:12 | 000,165,376 | ---- | M] () -- C:\Users\Sherri\Desktop\SystemLook_x64.exe

[2011/09/23 22:39:45 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2011/09/23 22:23:33 | 004,238,357 | R--- | M] (Swearware) -- C:\Users\Sherri\Desktop\ComboFix.exe

[2011/09/22 20:34:58 | 000,123,784 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys

[2011/09/22 20:34:57 | 000,088,288 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys

[2011/09/22 20:10:17 | 000,002,072 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk

[2011/09/20 23:28:31 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Sherri\Desktop\dds.scr

[2011/09/20 22:41:34 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2011/09/20 22:41:34 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2011/09/20 22:41:34 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2011/09/19 22:52:10 | 000,000,000 | ---- | M] () -- C:\install.rdf

[2011/09/18 16:50:02 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2011/09/18 16:38:24 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[2011/09/14 19:54:58 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/09/12 08:43:16 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk

[2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2011/07/31 23:30:59 | 000,043,520 | ---- | M] () -- C:\Windows\SysWow64\CmdLineExt03.dll

[2011/07/14 03:21:25 | 000,492,160 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2011/07/07 08:09:19 | 000,001,530 | ---- | M] () -- C:\Users\Sherri\Documents\ax_files.xml

========== Files Created - No Company Name ==========

[2011/09/26 14:41:03 | 000,000,512 | ---- | C] () -- C:\Users\Sherri\Desktop\MBR.dat

[2011/09/26 10:13:21 | 000,001,156 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

[2011/09/26 10:13:21 | 000,001,144 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2011/09/26 09:32:59 | 002,206,299 | ---- | C] () -- C:\Users\Sherri\Documents\Firefox 3.6.22 (en-US) - 2011-09-26.pcv

[2011/09/26 09:32:15 | 000,001,033 | ---- | C] () -- C:\Users\Public\Desktop\MozBackup.lnk

[2011/09/25 21:43:53 | 000,165,376 | ---- | C] () -- C:\Users\Sherri\Desktop\SystemLook_x64.exe

[2011/09/22 20:10:17 | 000,002,072 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk

[2011/09/20 23:15:58 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2011/09/20 23:15:58 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2011/09/20 23:15:58 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2011/09/20 23:15:58 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2011/09/20 23:15:58 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2011/09/19 22:52:10 | 000,000,000 | ---- | C] () -- C:\install.rdf

[2011/09/18 16:50:02 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2011/09/18 16:38:24 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[2011/09/12 08:43:16 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk

[2011/09/12 08:43:16 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk

[2011/02/26 18:02:30 | 000,000,120 | ---- | C] () -- C:\Users\Sherri\AppData\Local\Qzaqum.dat

[2011/02/26 18:02:30 | 000,000,000 | ---- | C] () -- C:\Users\Sherri\AppData\Local\Ixonacosuwulec.bin

[2010/11/19 20:28:20 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2010/10/08 20:15:40 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib

[2010/10/01 16:57:24 | 000,000,216 | ---- | C] () -- C:\Windows\KA.INI

[2010/08/25 20:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin

[2010/08/25 20:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin

[2010/08/25 20:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin

[2010/07/11 23:14:38 | 000,004,096 | -H-- | C] () -- C:\Users\Sherri\AppData\Local\keyfile3.drm

[2010/04/30 21:07:13 | 000,015,840 | ---- | C] () -- C:\Windows\SysWow64\MACHNM1.EXE

[2010/04/13 19:17:39 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI

[2010/02/13 17:19:31 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll

[2009/12/30 00:44:10 | 000,026,624 | ---- | C] () -- C:\Users\Sherri\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/12/15 18:05:29 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin

[2009/12/15 16:54:00 | 000,002,265 | ---- | C] () -- C:\Windows\FF08_Render_Spk_Hp.ini

[2009/12/15 16:54:00 | 000,001,650 | ---- | C] () -- C:\Windows\FF08_Capture.ini

[2009/12/15 16:54:00 | 000,001,540 | ---- | C] () -- C:\Windows\FF08_Render.ini

[2009/12/15 16:53:44 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL

[2009/12/15 16:53:44 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL

[2009/12/15 16:49:55 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin

[2009/07/30 21:58:42 | 000,000,326 | ---- | C] () -- C:\Windows\primopdf.ini

[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009/06/24 18:32:34 | 000,089,352 | ---- | C] () -- C:\Windows\SysWow64\FAIEExtension.dll

[2009/06/24 18:31:46 | 000,059,144 | ---- | C] () -- C:\Windows\SysWow64\FAib.dll

[2009/06/24 18:31:00 | 000,234,760 | ---- | C] () -- C:\Windows\SysWow64\FACrashRpt.dll

[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

[2007/01/26 02:04:12 | 000,138,752 | ---- | C] () -- C:\Windows\SysWow64\mase32.dll

[2007/01/26 02:04:12 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\ma32.dll

========== LOP Check ==========

[2010/01/06 20:10:20 | 000,000,000 | ---D | M] -- C:\Users\Sherri\AppData\Roaming\Absolute

[2010/12/16 08:37:16 | 000,000,000 | ---D | M] -- C:\Users\Sherri\AppData\Roaming\Absolute Software

[2010/04/04 21:02:43 | 000,000,000 | ---D | M] -- C:\Users\Sherri\AppData\Roaming\avidemux

[2011/07/23 15:53:54 | 000,000,000 | ---D | M] -- C:\Users\Sherri\AppData\Roaming\Catalina Marketing Corp

[2011/09/26 11:30:52 | 000,000,000 | ---D | M] -- C:\Users\Sherri\AppData\Roaming\Dropbox

[2010/12/28 16:19:07 | 000,000,000 | ---D | M] -- C:\Users\Sherri\AppData\Roaming\Elluminate

[2010/04/08 20:29:59 | 000,000,000 | ---D | M] -- C:\Users\Sherri\AppData\Roaming\EPSON

[2011/09/08 21:49:05 | 000,000,000 | ---D | M] -- C:\Users\Sherri\AppData\Roaming\OpenCandy

[2011/03/05 23:23:40 | 000,000,000 | ---D | M] -- C:\Users\Sherri\AppData\Roaming\PCDr

[2010/08/16 21:21:38 | 000,000,000 | ---D | M] -- C:\Users\Sherri\AppData\Roaming\PrimoPDF

[2011/09/19 23:06:15 | 000,000,000 | ---D | M] -- C:\Users\Sherri\AppData\Roaming\Sammsoft

[2010/04/03 14:25:37 | 000,000,000 | ---D | M] -- C:\Users\Sherri\AppData\Roaming\Southwest Airlines

[2010/12/19 11:47:29 | 000,000,000 | ---D | M] -- C:\Users\Sherri\AppData\Roaming\Windows Live Writer

[2011/08/26 17:02:21 | 000,032,598 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2011/09/23 22:44:02 | 000,032,203 | ---- | M] () -- C:\ComboFix.txt

[2009/12/15 18:11:31 | 000,003,578 | RH-- | M] () -- C:\dell.sdr

[2011/09/26 11:28:41 | 3168,415,744 | -HS- | M] () -- C:\hiberfil.sys

[2005/01/27 13:02:36 | 000,000,052 | ---- | M] () -- C:\info.txt

[2011/09/19 22:52:10 | 000,000,000 | ---- | M] () -- C:\install.rdf

[2011/09/26 11:28:49 | 4224,557,056 | -HS- | M] () -- C:\pagefile.sys

[2011/09/20 22:48:45 | 000,137,244 | ---- | M] () -- C:\TDSSKiller.2.5.23.0_20.09.2011_22.40.16_log.txt

[2011/09/20 23:08:47 | 000,069,744 | ---- | M] () -- C:\TDSSKiller.2.5.23.0_20.09.2011_23.00.13_log.txt

< %USERPROFILE%\*.* >

[2011/09/26 14:46:56 | 014,680,064 | -HS- | M] () -- C:\Users\Sherri\ntuser.dat

[2011/09/26 14:46:56 | 000,262,144 | -HS- | M] () -- C:\Users\Sherri\ntuser.dat.LOG1

[2009/12/25 11:44:26 | 000,000,000 | -HS- | M] () -- C:\Users\Sherri\ntuser.dat.LOG2

[2009/12/27 04:16:52 | 000,065,536 | -HS- | M] () -- C:\Users\Sherri\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf

[2009/12/27 04:16:52 | 000,524,288 | -HS- | M] () -- C:\Users\Sherri\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms

[2009/12/27 04:16:52 | 000,524,288 | -HS- | M] () -- C:\Users\Sherri\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms

[2010/04/10 18:01:09 | 000,065,536 | -HS- | M] () -- C:\Users\Sherri\ntuser.dat{384b1e07-44c1-11df-8adb-0026b91566e8}.TM.blf

[2010/04/10 18:01:09 | 000,524,288 | -HS- | M] () -- C:\Users\Sherri\ntuser.dat{384b1e07-44c1-11df-8adb-0026b91566e8}.TMContainer00000000000000000001.regtrans-ms

[2010/04/10 18:01:09 | 000,524,288 | -HS- | M] () -- C:\Users\Sherri\ntuser.dat{384b1e07-44c1-11df-8adb-0026b91566e8}.TMContainer00000000000000000002.regtrans-ms

[2009/12/25 11:44:26 | 000,000,020 | -HS- | M] () -- C:\Users\Sherri\ntuser.ini

[2010/04/08 20:29:59 | 000,000,000 | ---- | M] () -- C:\Users\Sherri\Sti_Trace.log

< %USERPROFILE%\AppData\Local\*.* >

[2011/04/27 00:06:19 | 000,026,624 | ---- | M] () -- C:\Users\Sherri\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/04/04 15:51:32 | 000,142,520 | ---- | M] () -- C:\Users\Sherri\AppData\Local\GDIPFONTCACHEV1.DAT

[2011/09/26 11:27:59 | 003,605,768 | -H-- | M] () -- C:\Users\Sherri\AppData\Local\IconCache.db

[2011/02/26 18:02:30 | 000,000,000 | ---- | M] () -- C:\Users\Sherri\AppData\Local\Ixonacosuwulec.bin

[2010/07/11 23:14:38 | 000,004,096 | -H-- | M] () -- C:\Users\Sherri\AppData\Local\keyfile3.drm

[2011/02/26 18:02:30 | 000,000,120 | ---- | M] () -- C:\Users\Sherri\AppData\Local\Qzaqum.dat

< %USERPROFILE%\AppData\Roaming\*.* >

[2010/04/30 12:18:32 | 008,656,832 | ---- | M] (Dell, Inc. ) -- C:\Users\Sherri\AppData\Roaming\DataSafeDotNet.exe

< %ProgramData%\*.* >

[2011/04/05 23:15:41 | 000,000,040 | -HS- | M] () -- C:\ProgramData\.zreglib

[2010/10/08 10:01:06 | 000,000,003 | ---- | M] () -- C:\ProgramData\AbsoluteNotifier.txt

[2010/11/19 20:28:20 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat

< %CommonProgramFiles%\*.* >

[2011/06/09 12:03:40 | 000,143,240 | ---- | M] (Ask.com) -- C:\Program Files (x86)\Common Files\ApnStub.exe

[2011/06/09 12:03:40 | 003,486,088 | ---- | M] (Ask) -- C:\Program Files (x86)\Common Files\ApnToolbarInstaller.exe

[2010/10/16 11:50:24 | 003,056,008 | ---- | M] (Ask) -- C:\Program Files (x86)\Common Files\AskToolbarInstaller.exe

< %PROGRAMFILES%\*.* >

[2009/07/14 00:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /90 >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

< %systemroot%\*. /mp /s >

< End of report >

----------------------------------------------

(CONT)

Link to post
Share on other sites
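Reading an OTL file list like the one above by hand is slow, so here is an added triage helper for it. This is example code written for this thread; it is not part of OTL and not from the original posts. It parses the `[date time | size | RHSD attrs | C/M] (Company) -- path` lines, then applies a few generic heuristics: GUID-named folders created under AppData\Local, loose executables or data files sitting directly in the AppData\Local or AppData\Roaming root (with a small assumed allowlist of Windows-owned caches), any listed change to the hosts file, and bursts of files dropped into C:\Windows at a single timestamp. The rules, severities and allowlist are illustrative assumptions, not verdicts about this machine; the sample lines are copied from the log above so the script runs offline.

```python
"""Triage helper for OTL 'Files/Folders Created' and 'Files Modified' lines.

Added example for this thread; not part of OTL and not from the original
posts. The line format is inferred from the log above; every triage rule,
severity and allowlist entry is an illustrative assumption, not a verdict.
"""
import re
from collections import Counter
from dataclasses import dataclass

# [YYYY/MM/DD HH:MM:SS | size | RHSD | C or M] (Company) -- path
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attr>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
# Folder whose final component is exactly a {GUID}
GUID_DIR_RE = re.compile(
    r"\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.IGNORECASE
)
# Assumption: Windows-owned caches that legitimately live in the AppData\Local root
PROFILE_ROOT_ALLOWLIST = {"iconcache.db", "gdipfontcachev1.dat"}
LOOSE_EXTS = {"exe", "dll", "dat", "bin"}


@dataclass
class Entry:
    ts: str        # timestamp as printed by OTL
    size: int      # bytes, commas removed
    attr: str      # four flag positions: R(ead-only) H(idden) S(ystem) D(irectory)
    kind: str      # C = created in window, M = modified in window
    company: str   # '' when OTL printed () or no company at all
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attr[3] == "D"


def parse_otl(text: str) -> list:
    """Return one Entry per line that matches the OTL file-entry format."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["ts"], int(m["size"].replace(",", "")),
                                 m["attr"], m["kind"],
                                 (m["company"] or "").strip(), m["path"]))
    return entries


def triage(entries: list) -> list:
    """Return (severity, message) pairs for a human to review."""
    findings = []
    guid_dirs = [e for e in entries if e.is_dir
                 and "\\appdata\\local\\" in e.path.lower()
                 and GUID_DIR_RE.search(e.path)]
    if guid_dirs:
        findings.append(("info", f"{len(guid_dirs)} GUID-named folders under AppData\\Local; "
                                 "often installer/updater scratch dirs, review before deleting"))
    for e in entries:
        low = e.path.lower()
        parent, _, name = low.rpartition("\\")
        ext = name.rpartition(".")[2] if "." in name else ""
        in_profile_root = parent.endswith("\\appdata\\local") or parent.endswith("\\appdata\\roaming")
        if (in_profile_root and not e.is_dir and name not in PROFILE_ROOT_ALLOWLIST
                and ext in LOOSE_EXTS):
            sev = "high" if ext in ("exe", "dll") else "medium"
            findings.append((sev, f"loose .{ext} in profile root: {e.path} "
                                  f"(company: {e.company or 'none'}, {e.size} bytes)"))
        if low.endswith("\\drivers\\etc\\hosts"):
            findings.append(("medium", f"hosts file changed {e.ts}, {e.size} bytes; dump and read it"))
    # Several non-directory files created in C:\Windows in the same second
    bursts = Counter(e.ts for e in entries if e.kind == "C" and not e.is_dir
                     and e.path.lower().startswith("c:\\windows\\"))
    for ts, n in sorted(bursts.items()):
        if n >= 3:
            findings.append(("info", f"{n} files created in C:\\Windows at {ts}; "
                                     "correlate with whatever tool ran at that time"))
    return findings


def severity_counts(findings: list) -> dict:
    return dict(Counter(sev for sev, _ in findings))


# Sample input: lines copied from the OTL log in this thread.
SAMPLE_LOG = r"""
[2011/09/05 19:39:41 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{F815ADC4-BB11-4285-B0A7-FD48CA5B0B7C}
[2011/09/05 19:39:27 | 000,000,000 | ---D | C] -- C:\Users\Sherri\AppData\Local\{25AC51B7-7001-415C-8F5C-0DB22CAD3A50}
[2011/09/26 14:41:39 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Sherri\Desktop\OTL.exe
[2011/09/26 11:28:41 | 3168,415,744 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/23 22:39:45 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/09/20 23:15:58 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/09/20 23:15:58 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/09/20 23:15:58 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/02/26 18:02:30 | 000,000,120 | ---- | C] () -- C:\Users\Sherri\AppData\Local\Qzaqum.dat
[2011/02/26 18:02:30 | 000,000,000 | ---- | C] () -- C:\Users\Sherri\AppData\Local\Ixonacosuwulec.bin
[2011/09/26 11:27:59 | 003,605,768 | -H-- | M] () -- C:\Users\Sherri\AppData\Local\IconCache.db
[2010/01/06 18:51:43 | 008,656,832 | ---- | C] (Dell, Inc. ) -- C:\Users\Sherri\AppData\Roaming\DataSafeDotNet.exe
"""

if __name__ == "__main__":
    for sev, msg in triage(parse_otl(SAMPLE_LOG)):
        print(f"[{sev:6}] {msg}")
```

Run it against a full OTL.txt by feeding the file contents to `parse_otl`. The output is a review list, not a cleanup script: a burst in C:\Windows that lines up with a tool run from the Desktop at the same time is expected, a loose executable in the profile root with no company string deserves a hash lookup, and a tiny hosts file should simply be opened and read rather than guessed about.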

(CONT)

Extras.txt

OTL Extras logfile created on: 9/26/2011 2:44:46 PM - Run 1

OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Sherri\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.93 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 43.12% Memory free

7.87 Gb Paging File | 5.53 Gb Available in Paging File | 70.28% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 451.07 Gb Total Space | 361.40 Gb Free Space | 80.12% Space Free | Partition Type: NTFS

Drive D: | 4.09 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: SHERRI-PC | User Name: Sherri | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2690401071-4041784352-2135043583-1001\SOFTWARE\Classes\<extension>]

.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support

"{5EB90C06-964F-4195-B83E-BD7E55C88415}" = Pinnacle Video Driver

"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64

"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{997C9EC4-B53D-479D-81B7-0AEC8D174BA1}" = iTunes

"{B4735ADA-2C32-4DB1-809C-D3D424343ED9}" = FastAccess

"{CA0D2F09-F811-48D4-843E-C87696C6A9D9}" = Bonjour

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"SynTPDeinstKey" = Dell Touchpad

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{04F3038E-4120-44CC-B330-E05F737246A5}" = Roxio Update Manager

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup

"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{254BEB3E-1085-4D66-9CDC-0152C0DC2E93}" = EPSON TWAIN 5

"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0

"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java 6 Update 27

"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator

"{67635FB6-2F63-4FFB-830B-D4C01597EBA4}" = Microsoft Office Suite Activation Assistant

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{75CE8AF5-0A5E-4A42-BC67-F83591DA9A7D}" = Sound Blaster X-Fi MB

"{76CE5B47-F5A4-4E5C-99A0-CEFF6146EA4A}" = System Requirements Lab for Intel

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{84031A18-BA9A-4156-A74F-E05B52DDFCE2}" = DING!

"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007

"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-002A-0000-1000-0000000FF1CE}_VISPRO_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-002A-0409-1000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007

"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)

"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007

"{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0116-0409-1000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab

"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)

"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9

"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn

"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime

"{CA567AD5-33A4-403D-86D1-EE2D38251951}_is1" = VDownloader 1.12

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack

"{D041EB9E-890A-4098-8F94-51DA194AC72A}" = Pinnacle Studio 12

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}" = Windows Media Center Add-in for Flash

"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio

"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{EBE939ED-4612-45FD-A39E-77AC199C4273}" = Absolute Notifier

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver

"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"7-Zip" = 7-Zip 4.65

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"Advanced Audio FX Engine" = Advanced Audio FX Engine

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"Boardmaker version 5" = Boardmaker version 5

"CBA Learning Module Series_is1" = CBA Learning Module Series v6

"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows

"Dell Webcam Central" = Dell Webcam Central

"DVD Decrypter" = DVD Decrypter (Remove Only)

"DVD Shrink_is1" = DVD Shrink 3.2

"FG_1.5" = JumpStart 1st Grade v1.5

"GoToAssist" = GoToAssist 8.0.0.514

"HijackThis" = HijackThis 1.99.1

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300

"MozBackup" = MozBackup 1.5.1

"Mozilla Firefox 6.0.2 (x86 en-US)" = Mozilla Firefox 6.0.2 (x86 en-US)

"Picasa 3" = Picasa 3

"PrimoPDF" = PrimoPDF -- by Nitro PDF Software

"PROPLUS" = Microsoft Office Professional Plus 2007

"VISPRO" = Microsoft Office Visio Professional 2007

"WinLiveSuite" = Windows Live Essentials

"WinPcapInst" = WinPcap 4.1.1

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2690401071-4041784352-2135043583-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Dropbox" = Dropbox

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

-----------------------------------------------

Thanks again for your help...

Mark


Hi Mark,

STEP 1

Backup Your Registry with ERUNT

  • Please use the following link and scroll down to ERUNT and download it.
    http://aumha.org/freeware/freeware.php
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.

Open Erunt.exe. Follow the prompts leaving the values at default.

STEP 2

We need to run an OTL Fix

  1. Please reopen otlDesktopIcon.png on your desktop.
  2. Copy and Paste the following code into the customFix.png textbox. Do not include the word "Code"

    :OTL
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{E8F056C9-7E95-49EB-AC3B-AEC4106977F1}: C:\Users\Sherri\AppData\Local\{E8F056C9-7E95-49EB-AC3B-AEC4106977F1}
    O2 - BHO: (Reg Error: Value error.) - {166C7554-45F4-4A4F-BFD0-3487A9C4ABD3} - C:\Users\Sherri\AppData\Local\ShellWin32.dll File not found
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-2690401071-4041784352-2135043583-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\S-1-5-21-2690401071-4041784352-2135043583-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-2690401071-4041784352-2135043583-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4 - HKLM..\Run: [FAStartup] File not found
    O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
    O37 - HKU\S-1-5-21-2690401071-4041784352-2135043583-1001\...exe [@ = exefile] -- Reg Error: Key error. File not found
    [2011/02/26 18:02:30 | 000,000,120 | ---- | C] () -- C:\Users\Sherri\AppData\Local\Qzaqum.dat
    [2011/02/26 18:02:30 | 000,000,000 | ---- | C] () -- C:\Users\Sherri\AppData\Local\Ixonacosuwulec.bin
    :services
    mfehidk
    mfenlfk
    mfewfpk
    McMPFSvc
    McNaiAnn
    McProxy
    McShield
    mfefire
    mfevtp
    cfwids
    mfeavfk
    mfefirek
    McComponentHostService
    mferkdet
    :files
    C:\Users\Sherri\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\ProgramData\McAfee
    C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\McAfee
    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{166C7554-45F4-4A4F-BFD0-3487A9C4ABD3}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{166C7554-45F4-4A4F-BFD0-3487A9C4ABD3}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74EC0DAF-A972-43D5-A6CC-D819F9EE4E9F}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7E4A46C-4CA2-4024-BBF1-A6E43EA7A447}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\YontooIEClient.DLL]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\YontooIEClient.DLL]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\YontooIEClient.DLL]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Api]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Api.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}]
    :commands
    [emptyflash]
    [emptytemp]


  3. Push runFixbutton.png
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click btnOK.png.
  6. A report will open. Copy and Paste that report in your next reply.

STEP 3

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.

  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

STEP 4

Can you please rerun aswMBR and post the new log.

How are things now? Are there any problems left?

Regards,

Georgi


Opened Erunt.exe and did a backup of the registry....

OTL Log file:

All processes killed

========== OTL ==========

File HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{E8F056C9-7E95-49EB-AC3B-AEC4106977F1}: C:\Users\Sherri\AppData\Local\{E8F056C9-7E95-49EB-AC3B-AEC4106977F1} not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{166C7554-45F4-4A4F-BFD0-3487A9C4ABD3}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{166C7554-45F4-4A4F-BFD0-3487A9C4ABD3}\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_USERS\S-1-5-21-2690401071-4041784352-2135043583-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.

Registry value HKEY_USERS\S-1-5-21-2690401071-4041784352-2135043583-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.

Registry value HKEY_USERS\S-1-5-21-2690401071-4041784352-2135043583-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\FAStartup deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist\ deleted successfully.

Registry key HKEY_USERS\S-1-5-21-2690401071-4041784352-2135043583-1001_Classes\.exe\ deleted successfully.

Registry key HKEY_USERS\S-1-5-21-2690401071-4041784352-2135043583-1001_Classes\exefile\ not found.

HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!

C:\Users\Sherri\AppData\Local\Qzaqum.dat moved successfully.

C:\Users\Sherri\AppData\Local\Ixonacosuwulec.bin moved successfully.

========== SERVICES/DRIVERS ==========

Error: No service named mfehidk was found to stop!

Service\Driver key mfehidk not found.

Error: No service named mfenlfk was found to stop!

Service\Driver key mfenlfk not found.

Error: No service named mfewfpk was found to stop!

Service\Driver key mfewfpk not found.

Error: No service named McMPFSvc was found to stop!

Service\Driver key McMPFSvc not found.

Error: No service named McNaiAnn was found to stop!

Service\Driver key McNaiAnn not found.

Error: No service named McProxy was found to stop!

Service\Driver key McProxy not found.

Error: No service named McShield was found to stop!

Service\Driver key McShield not found.

Error: No service named mfefire was found to stop!

Service\Driver key mfefire not found.

Error: No service named mfevtp was found to stop!

Service\Driver key mfevtp not found.

Error: No service named cfwids was found to stop!

Service\Driver key cfwids not found.

Error: No service named mfeavfk was found to stop!

Service\Driver key mfeavfk not found.

Error: No service named mfefirek was found to stop!

Service\Driver key mfefirek not found.

Error: No service named McComponentHostService was found to stop!

Service\Driver key McComponentHostService not found.

Error: No service named mferkdet was found to stop!

Service\Driver key mferkdet not found.

========== FILES ==========

C:\Users\Sherri\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\ProgramData\McAfee\MCLOGS\CoreTech\iexplore folder moved successfully.

C:\Users\Sherri\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\ProgramData\McAfee\MCLOGS\CoreTech folder moved successfully.

C:\Users\Sherri\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\ProgramData\McAfee\MCLOGS\Anti-Spam\iexplore folder moved successfully.

C:\Users\Sherri\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\ProgramData\McAfee\MCLOGS\Anti-Spam folder moved successfully.

C:\Users\Sherri\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\ProgramData\McAfee\MCLOGS folder moved successfully.

C:\Users\Sherri\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\ProgramData\McAfee folder moved successfully.

C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\McAfee\sacore folder moved successfully.

C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\McAfee folder moved successfully.

========== REGISTRY ==========

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{166C7554-45F4-4A4F-BFD0-3487A9C4ABD3}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{166C7554-45F4-4A4F-BFD0-3487A9C4ABD3}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{166C7554-45F4-4A4F-BFD0-3487A9C4ABD3}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{166C7554-45F4-4A4F-BFD0-3487A9C4ABD3}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74EC0DAF-A972-43D5-A6CC-D819F9EE4E9F}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74EC0DAF-A972-43D5-A6CC-D819F9EE4E9F}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7E4A46C-4CA2-4024-BBF1-A6E43EA7A447}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7E4A46C-4CA2-4024-BBF1-A6E43EA7A447}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\YontooIEClient.DLL\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\YontooIEClient.DLL\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\YontooIEClient.DLL\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Api\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Api.1\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}\ not found.

========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

->Flash cache emptied: 56468 bytes

User: Default User

->Flash cache emptied: 0 bytes

User: Public

User: Sherri

->Flash cache emptied: 3061495 bytes

Total Flash Files Cleaned = 3.00 mb

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

->Flash cache emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Public

->Temp folder emptied: 0 bytes

User: Sherri

->Temp folder emptied: 58761042 bytes

->Temporary Internet Files folder emptied: 879776223 bytes

->Java cache emptied: 915825 bytes

->FireFox cache emptied: 52529338 bytes

->Google Chrome cache emptied: 6307350 bytes

->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 1216 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67697 bytes

%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 666 bytes

RecycleBin emptied: 635392 bytes

Total Files Cleaned = 953.00 mb

OTL by OldTimer - Version 3.2.29.1 log created on 09262011_181716

Files\Folders moved on Reboot...

C:\Users\Sherri\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

C:\Users\Sherri\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W1NKIY57\index[1].htm moved successfully.

Registry entries deleted on Reboot...

---------------------------------------------------------

Ran Defogger to disable any virtual drives...

---------------------------------------------------------

Ran aswMBR and here are the results...

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software

Run date: 2011-09-26 18:34:36

-----------------------------

18:34:36.322 OS Version: Windows x64 6.1.7601 Service Pack 1

18:34:36.322 Number of processors: 2 586 0x170A

18:34:36.322 ComputerName: SHERRI-PC UserName: Sherri

18:34:37.695 Initialize success

18:35:12.411 AVAST engine defs: 11092601

18:35:21.709 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

18:35:21.724 Disk 0 Vendor: ST9500420ASG 0004SDM1 Size: 476940MB BusType: 11

18:35:23.799 Disk 0 MBR read successfully

18:35:23.799 Disk 0 MBR scan

18:35:23.815 Disk 0 Windows VISTA default MBR code

18:35:23.830 Service scanning

18:35:35.795 Modules scanning

18:35:35.795 Disk 0 trace - called modules:

18:35:35.842 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys

18:35:35.842 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c11650]

18:35:35.842 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80046a2060]

18:35:38.104 AVAST engine scan C:\

20:40:01.125 Scan finished successfully

20:45:54.773 Disk 0 MBR has been saved successfully to "C:\Users\Sherri\Desktop\MBR.dat"

20:45:54.789 The log file has been saved successfully to "C:\Users\Sherri\Desktop\aswMBR.txt"

-----------------------------------------

Computer is now searching fine, results are not getting forwarded to other web pages.

I only knew of the Google redirecting the results; my wife did not mention if there were other issues.

So I would venture to say that all is good...

From what you have seen, do you happen to know what she might have done or downloaded that caused her issue??

Again thanks for all your help...

Mark


Hi Mark,

From what you have seen, do you happen to know what she might have done or downloaded that caused her issue??

I'll give you some recommendations on how to prevent malware from taking hold of your system when we are done with the cleaning process.

Now I need a file from your system for further analysis.

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Download and install the free 7-zip.

Please open MBAM and click on the "Quarantine" tab. Then choose utilwebsched.dll if it exists there and use the "Restore" option.

Now please navigate to c:\Users\Sherri\AppData\Local\msnauthenticationsvc\utilwebsched.dll

Right click on it and select "7-zip", then "Add to archive.."


Go to "encryption" and type in infected as the password. (don't forget to re-enter the password)

Leave all other settings to default, and click OK.

A new file with a .zip or .7z extension will be created in the very same folder.

Next, upload the archive here.

Finally, delete both the created archive and the file you just restored!!!

Thanks! :)

Regards,

Georgi


Please note that I uploaded the utilwebsched.zip file as you requested...

I did notice that I no longer have access to the "Documents and Settings" folder (permission denied).

I was able to get to the folder by typing in the path in the Run box; then I had to copy the files to a temp directory, then zip, then upload, then delete...

Thanks

Mark


Hi Mark,

Thank you for the file.

I did notice that I no longer have access to the "Documents and Settings" folder (permission denied)

Well, this is odd.

We need to scan the system with this special tool.

  • Please download Junction.zip and save it.
  • Unzip it and put junction.exe in the Windows directory (C:\Windows).
  • Go to Start => Run... => Copy and paste the following command in the run box and click OK:
    cmd /c junction -s c:\ >log.txt&log.txt& del log.txt
    A command window opens starting to scan the system.
    Wait until a log file opens. Copy and paste or attach the content of it.

Regards,

Georgi


Extracted and placed junction.exe in the Windows directory.

Tried to run that cmd, but a dos window appears and then disappears quickly.

I manually typed command in cmd window...

and I get this...

C:\Windows>junction -s c:\ >log.txt&log.txt& del log.txt

Access is denied.

'log.txt' is not recognized as an internal or external command,

operable program or batch file.

Could Not Find C:\Windows\log.txt


I did notice that I no longer have access to the "Documents and Settings" folder (permission denied)

I overlooked that you use Windows 7.

Can you specify what you mean?

The “My Documents and Settings” is not a folder used by Windows 7. It is a junction point. If you have "Hide protected operating system files" unchecked, then you will see these junction points. It is intended that users have no access to these junction points. These junction points exist to provide backwards compatibility for older programs that are unaware of the new folder structure in Windows 7. A program that is hardcoded to install files in the old Documents and Settings will be silently redirected to the new location.

Regards,

Georgi
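The junction-point behaviour described above can be checked directly, without junction.exe. The PowerShell script below is an added example from the editor, not code from the thread, from Sysinternals or from Malwarebytes. It assumes Windows PowerShell 5.1 or later (where Get-ChildItem exposes the LinkType and Target properties on reparse points), walks the system drive to a limited depth, lists every junction and symbolic link with its target, and flags any whose target lies outside the locations Windows itself uses for these compatibility links; that list of "expected" locations and the script name are assumptions for illustration. The report goes to the current user's Desktop, so no elevated prompt is needed (writing log.txt into C:\Windows, as the one-liner in the thread does, requires one).

```powershell
# Find-Junctions.ps1 (name assumed): enumerate NTFS reparse points (junctions and
# symbolic links) under the system drive and report where each one points.
# Added example by the editor; not part of the original thread.
# Assumes Windows PowerShell 5.1+ for the LinkType/Target properties.

param(
    [string]$Root = $env:SystemDrive + '\',
    [int]$MaxDepth = 3,
    [string]$Report = (Join-Path ([Environment]::GetFolderPath('Desktop')) 'junctions.txt')
)

# Locations that Windows 7 and later point their backward-compatibility junctions
# at ("Documents and Settings" -> C:\Users, "All Users" -> C:\ProgramData, ...).
# This list is an assumption for illustration; a junction whose target lies
# outside it deserves a closer look.
$expectedTargetPrefixes = @(
    (Join-Path $env:SystemDrive 'Users'),
    (Join-Path $env:SystemDrive 'ProgramData'),
    $env:SystemRoot
)

function Get-ReparsePoints {
    param([string]$Path, [int]$Depth)
    if ($Depth -lt 0) { return }
    # -Force includes hidden/system entries such as "Documents and Settings".
    # Access-denied errors on protected folders are expected and skipped.
    $children = Get-ChildItem -LiteralPath $Path -Force -ErrorAction SilentlyContinue
    foreach ($child in $children) {
        $isReparse = ($child.Attributes -band [IO.FileAttributes]::ReparsePoint) -ne 0
        if ($isReparse) {
            $target = $child.Target
            if ($target -is [array]) { $target = $target -join '; ' }
            $expected = $false
            foreach ($prefix in $expectedTargetPrefixes) {
                if ($target -and $target.StartsWith($prefix, [StringComparison]::OrdinalIgnoreCase)) {
                    $expected = $true
                }
            }
            [PSCustomObject]@{
                Path     = $child.FullName
                LinkType = $child.LinkType
                Target   = $target
                Expected = $expected
            }
            # Never descend into a reparse point: that would loop back into its target.
            continue
        }
        if ($child.PSIsContainer) {
            Get-ReparsePoints -Path $child.FullName -Depth ($Depth - 1)
        }
    }
}

$points = @(Get-ReparsePoints -Path $Root -Depth $MaxDepth)
$points | Sort-Object Expected, Path | Format-Table -AutoSize |
    Out-String -Width 300 | Set-Content -Path $Report
Write-Host "Found $($points.Count) reparse point(s); report written to $Report"

# Anything pointing outside the expected locations is surfaced separately.
$points | Where-Object { -not $_.Expected } | ForEach-Object {
    Write-Warning "Unexpected target: $($_.Path) -> $($_.Target)"
}
```

Run it from a normal (non-elevated) PowerShell prompt as `.\Find-Junctions.ps1`; the built-in compatibility junctions show up with Expected set to True, and the "Access is denied" you get when opening them in Explorer is the ACL Georgi describes, not a sign of damage. Only entries reported as unexpected need follow-up.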


C Drive has a directory called "Documents and Settings", which is where I get the access denied message. I was going into that folder to find the "c:\Users\Sherri\AppData\Local\msnauthenticationsvc\utilwebsched.dll" file.

I don't know why I was trying to get into the "Documents and Settings" folder...


Hi Mark,

This is normal. Please take a look here. :)

Before I give you my final recommendations please do this:

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the esetOnline.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.

    3. Check esetAcceptTerms.png
    4. Click the esetStart.png button.
    5. Accept any security warnings from your browser.
    6. Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
    7. Now click on Advanced Settings and select the following:

        • Scan for potentially unwanted applications
        • Scan for potentially unsafe applications
        • Enable Anti-Stealth Technology

  4. Push the Start button.
  5. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  6. When the scan completes, push esetListThreats.png
  7. Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  8. Push the esetBack.png button.
  9. Push esetFinish.png

Regards,

Georgi


Results from EScan...

C:\Downloads\vdownloader.zip probably a variant of Win32/Agent.ILZCTEN trojan

C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application

C:\Qoobox\Quarantine\C\Users\Sherri\AppData\Roaming\Mozilla\Firefox\Profiles\a3z3wo77.default\extensions\{aa1fd1d8-aafb-42a5-a81d-83adb8938703}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan

C:\Users\Sherri\AppData\Local\Google\Chrome\User Data\Default\Default\flbhhnnmkcdhhmaacpgdgpabohnjncfi\contentscript.js Win32/TrojanDownloader.Tracur.F trojan

C:\Users\Sherri\Downloads\FreewarePrimoPDF.exe Win32/OpenCandy application

C:\Users\Sherri\Downloads\VDownloaderSetup.exe Win32/OpenCandy application

C:\Users\Sherri\Downloads\VDownloader_v3.2.807.exe Win32/OpenCandy application

C:\vdownloader youtube\VDownloaderSetup.exe Win32/OpenCandy application
