FBI Warning When Using Internet

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

swonkie

Thread Starter
Joined
Dec 23, 2012
Messages
8
Everytime I plug my laptop into the internet I get an FBI warning and it locks my computer. Even states I have to pay $200 to get it unlocked. Has my web cam showing on the page.

Here are the Logs

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:57:57 AM, on 12/23/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Users\Zoey\AppData\Local\Facebook\Update\FacebookUpdate.exe
C:\Users\Zoey\AppData\Local\Temp\systry.exe
C:\ProgramData\lsass.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbrmon.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Dell Support Center\gs_agent\dsc.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Zoey\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.startnow.com/s/?src=startpage&provider=&provider_name=startnow&provider_code=&partner_id=999&product_id=10&affiliate_id=&channel=&toolbar_id=&toolbar_version=&install_country=&install_date=20120909&user_guid=4D4C7B9D74BF40A7AC7DC0C37A6F1B7B&machine_id=b7491b8a7ad1b38c11e583f84845526d&browser=IE&os=win&os_version=6.1-x64-SP0&iesrc={referrer:source}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {7b9f8c21-46ec-4c0b-8683-e755ef84577a} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pSrcAs.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Freecause Shopping BHO - {0095C290-A428-4BDD-B98C-E0A116F1C702} - C:\Program Files (x86)\Shop to Win 9\Shop to Win 9.dll
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll (file missing)
O2 - BHO: Toolbar BHO - {3a421c8f-e238-4aeb-8874-b8b5f2cc4772} - C:\PROGRA~2\COUPON~2\bar\1.bin\2pbar.dll
O2 - BHO: Search Assistant BHO - {60e91567-ef8a-4520-bce2-83aba5256799} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pSrcAs.dll
O2 - BHO: FCTBPos00Pos - {614BDA1F-9BEF-4CD1-BDE4-FA4804929B4A} - C:\Program Files (x86)\MyPoints Point Finder\Toolbar.dll
O2 - BHO: StartNow Toolbar Helper - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: MyPoints Point Finder - {89A2510A-B4B6-4683-BEC9-1B96700BC7F1} - C:\Program Files (x86)\MyPoints Point Finder\Toolbar.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: StartNow Toolbar - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Coupon Alert - {3462c343-be19-4143-af70-cefb56f46fc6} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~2\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [StartNowToolbarHelper] "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Coupon Alert Search Scope Monitor] "C:\PROGRA~2\COUPON~2\bar\1.bin\2psrchmn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [CouponAlert_2p Browser Plugin Loader] C:\PROGRA~2\COUPON~2\bar\1.bin\2pbrmon.exe
O4 - HKLM\..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
O4 - HKLM\..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Zoey\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [AutoLoader] "C:\Users\Zoey\AppData\Local\Temp\systry.exe"
O4 - HKCU\..\Run: [StartNow Search Protect] "C:\Program Files (x86)\StartNow Toolbar\search_protect.exe" /RELAY /REPORT /PROTECT
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: ctfmon.lnk = C:\ProgramData\lsass.exe
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.com/static/m/cab/2.9.1.0/GarminAxControl.CAB
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/WebfettiInitialSetup1.0.1.1.cab
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell.com/systemprofiler/SysProExe.CAB
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
O18 - Protocol: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Coupon AlertService (CouponAlert_2pService) - COMPANYVERS_NAME - C:\PROGRA~2\COUPON~2\bar\1.bin\2pbarsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Activation Service (McAWFwk) - McAfee, Inc. - c:\PROGRA~1\mcafee\msc\mcawfwk.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service for StartNow Toolbar - Unknown owner - C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 19223 bytes

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16450
Run by Zoey at 11:00:27 on 2012-12-23
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3957.2485 [GMT -7:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~2\COUPON~2\bar\1.bin\2pbarsvc.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwssvc.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
C:\Windows\System32\vds.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Zoey\AppData\Local\Facebook\Update\FacebookUpdate.exe
C:\Users\Zoey\AppData\Local\Temp\systry.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\ProgramData\lsass.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbrmon.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.startnow.com/s/?src=startpage&provider=&provider_name=startnow&provider_code=&partner_id=999&product_id=10&affiliate_id=&channel=&toolbar_id=&toolbar_version=&install_country=&install_date=20120909&user_guid=4D4C7B9D74BF40A7AC7DC0C37A6F1B7B&machine_id=b7491b8a7ad1b38c11e583f84845526d&browser=IE&os=win&os_version=6.1-x64-SP0&iesrc={referrer:source}
mStart Page = hxxp://www.yahoo.com
mDefault_Page_URL = hxxp://www.yahoo.com
uURLSearchHooks: <No Name>: {7b9f8c21-46ec-4c0b-8683-e755ef84577a} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pSrcAs.dll
uURLSearchHooks: <No Name>: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
mWinlogon: Userinit = userinit.exe
BHO: Shop to Win: {0095C290-A428-4BDD-B98C-E0A116F1C702} - C:\Program Files (x86)\Shop to Win 9\Shop to Win 9.dll
BHO: MyWebSearch Search Assistant BHO: {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: mwsBar BHO: {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -
BHO: Toolbar BHO: {3a421c8f-e238-4aeb-8874-b8b5f2cc4772} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll
BHO: Search Assistant BHO: {60e91567-ef8a-4520-bce2-83aba5256799} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pSrcAs.dll
BHO: MyPoints Point Finder BHO: {614BDA1F-9BEF-4CD1-BDE4-FA4804929B4A} - C:\Program Files (x86)\MyPoints Point Finder\Toolbar.dll
BHO: StartNow Toolbar Helper: {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: My Web Search: {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL
TB: MyPoints Point Finder: {89A2510A-B4B6-4683-BEC9-1B96700BC7F1} - C:\Program Files (x86)\MyPoints Point Finder\Toolbar.dll
TB: My Web Search: {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL
TB: MyPoints Point Finder: {89A2510A-B4B6-4683-BEC9-1B96700BC7F1} - C:\Program Files (x86)\MyPoints Point Finder\Toolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
TB: Coupon Alert: {3462c343-be19-4143-af70-cefb56f46fc6} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Facebook Update] "C:\Users\Zoey\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [AutoLoader] "C:\Users\Zoey\AppData\Local\Temp\systry.exe"
uRun: [StartNow Search Protect] "C:\Program Files (x86)\StartNow Toolbar\search_protect.exe" /RELAY /REPORT /PROTECT
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~2\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
mRun: [MyWebSearch Email Plugin] C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwsoemon.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [StartNowToolbarHelper] "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [Coupon Alert Search Scope Monitor] "C:\PROGRA~2\COUPON~2\bar\1.bin\2psrchmn.exe" /m=2 /w /h
mRun: [CouponAlert_2p Browser Plugin Loader] C:\PROGRA~2\COUPON~2\bar\1.bin\2pbrmon.exe
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
StartupFolder: C:\Users\Zoey\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ctfmon.lnk - C:\ProgramData\lsass.exe
StartupFolder: C:\Users\Zoey\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} -
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.9.1.0/GarminAxControl.CAB
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/WebfettiInitialSetup1.0.1.1.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
TCP: NameServer = 8.8.8.8 8.8.4.4 209.55.27.13
TCP: Interfaces\{2C6F3732-4F78-4B63-9BAC-1C4A7D108AE2}\3454D454 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{2C6F3732-4F78-4B63-9BAC-1C4A7D108AE2}\4516E616765627 : DHCPNameServer = 68.87.85.102 68.87.69.150
TCP: Interfaces\{2C6F3732-4F78-4B63-9BAC-1C4A7D108AE2}\46C696E6B6 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{2C6F3732-4F78-4B63-9BAC-1C4A7D108AE2}\54675627563747F53547574656E647 : DHCPNameServer = 10.32.81.10 10.32.81.11 4.2.2.2
TCP: Interfaces\{D4416374-0BFF-43ED-B186-623D341280F3} : DHCPNameServer = 8.8.8.8 8.8.4.4 209.55.27.13
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - <orphaned>
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2011-3-13 752672]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-9-11 55280]
R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2012-1-26 335784]
R2 CouponAlert_2pService;Coupon AlertService;C:\PROGRA~2\COUPON~2\bar\1.bin\2pbarsvc.exe [2012-3-9 42504]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-10-3 201304]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-10-3 201304]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-10-3 201304]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-10-3 201304]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2012-1-26 237920]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2012-1-26 218320]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2012-1-26 177144]
R2 MyWebSearchService;My Web Search Service;C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwssvc.exe [2010-9-23 28762]
R2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [2012-6-22 265952]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2012-1-26 69672]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2010-9-11 172704]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-7-22 56344]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2012-1-26 300392]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2012-1-26 513456]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-7-22 239616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-15 183560]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-6-23 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2012-10-3 196440]
S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2012-1-26 225216]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2012-1-26 106112]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-7-22 220672]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-8-2 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-9-17 1255736]
S4 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-7-22 98208]
S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-7-22 202752]
S4 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-10-3 201304]
S4 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-9-11 705856]
S4 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-9-11 2320920]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-12-23 18:34:36 -------- d-----w- C:\Users\Zoey\AppData\Local\{3A2609B5-C100-443C-96E8-DCD5885C6EF0}
2012-12-23 17:57:48 -------- d-----w- C:\Users\Zoey\AppData\Local\{2A152FC8-BD35-4D18-8FE6-EEB39011D923}
2012-12-23 17:39:47 -------- d-----w- C:\Users\Zoey\AppData\Local\{8AB53EF1-1587-4B01-B290-8F96EB2C542E}
2012-12-20 03:50:16 -------- d-----w- C:\Users\Zoey\AppData\Local\{10454D9F-9B22-4D0F-8C16-FE3D6AE5E984}
2012-12-07 20:14:19 -------- d-----w- C:\Users\Zoey\AppData\Local\{B086BB2B-21D9-4723-BDCB-8F1C96428F7C}
.
==================== Find3M ====================
.
2012-10-27 23:39:50 44544 ----a-w- C:\ProgramData\lsass.exe
.
============= FINISH: 11:02:46.90 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 9/16/2010 5:49:11 PM
System Uptime: 12/23/2012 10:55:40 AM (1 hours ago)
.
Motherboard: Dell Inc. | | 0H4K11
Processor: Intel(R) Core(TM) i3 CPU M 350 @ 2.27GHz | U2E1 | 1722/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 389.688 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP119: 9/20/2012 12:23:46 AM - Scheduled Checkpoint
RP120: 9/21/2012 2:08:40 PM - Windows Update
RP121: 10/9/2012 6:55:29 PM - Scheduled Checkpoint
RP122: 10/10/2012 11:34:01 AM - Windows Update
RP123: 10/21/2012 4:13:54 PM - Scheduled Checkpoint
RP124: 12/7/2012 3:15:45 PM - Scheduled Checkpoint
RP125: 12/8/2012 6:42:49 PM - Restore Operation
.
==== Installed Programs ======================
.
Accidental Damage Services Agreement
Adobe Flash Player 11 ActiveX
Adobe Reader 9.4.1
Adobe Shockwave Player
Advanced Audio FX Engine
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Control Center
Banctec Service Agreement
Bing Bar
Bing Rewards Client Installer
Bonjour
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Complete Care Business Service Agreement
Consumer In-Home Service Agreement
Coupon Printer for Windows
CouponAlert Toolbar
Cozi
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Dock
Dell Edoc Viewer
Dell Home Systems Service Agreement
Dell Support Center (Support Software)
Dell Touchpad
Dell Webcam Central
Dell Wireless WLAN Card Utility
EA SPORTS online 2008
EpicPlay
Facebook Video Calling 1.2.0.287
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist 8.0.0.514
Hotbar
HP Deskjet 1000 J110 series Basic Device Software
HP Deskjet 1000 J110 series Help
HP Deskjet 1000 J110 series Product Improvement Study
HP Photo Creations
HP Update
Intel(R) Management Engine Components
iTunes
Java Auto Updater
Java(TM) 6 Update 20 (64-bit)
Java(TM) 6 Update 21
Junk Mail filter update
LG USB Modem driver
Live! Cam Avatar Creator
LPDR
LPDR Flite
McAfee Internet Security
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft IntelliPoint 8.0
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft UI Engine
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
MobileMe Control Panel
MSVCRT
MSVCRT_amd64
My Web Search (Webfetti)
MyPoints Point Finder
PDFCreator
PowerDVD DX
Premium Service Agreement
QualxServ Service Agreement
Quickset64
QuickTime
Realtek High Definition Audio Driver
Roxio Burn
Safari
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition
Shared C Run-time for x64
Shop To Win
Skins
Skype Toolbars
StartNow Toolbar
Tiger Woods PGA TOUR 08
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
WildTangent Games
Windows Codec Pack
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== End Of File ===========================

Gmer didnt find anything. Stated no modifications found,

Thank you in advance for any help you can give me.
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,470
Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from the following link :-

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

  • Ensure that Combofix is saved directly to the Desktop <--- Very important
  • Disable all security programs as they will have a negative effect on Combofix, instructions available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed, if you need more help please ask.
  • Close any open browsers and any other programs you might have running
  • Double click the
    icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator)
  • Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.
  • If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autoruns is recommended.

*EXTRA NOTES*
  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If Combofix reboot's due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
  • If after running Combofix you receive any type of warning message about registry key's being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post the log in next reply please...

Kevin
 

swonkie

Thread Starter
Joined
Dec 23, 2012
Messages
8
I couldnt get McAfee to shut off so I deleted it. It was expiring soon so I will purchase new.

Here are the logs from ComboFix:

ComboFix 12-12-23.01 - Zoey 12/24/2012 9:46.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3957.2972 [GMT -7:00]
Running from: c:\users\Zoey\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\CouponAlert_2p
c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pauxstb.dll
c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll
c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pbarsvc.exe
c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pbrmon.exe
c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pbrstub.dll
c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pdatact.dll
c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pdlghk.dll
c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pdyn.dll
c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pfeedmg.dll
c:\program files (x86)\CouponAlert_2p\bar\1.bin\2phighin.exe
c:\program files (x86)\CouponAlert_2p\bar\1.bin\2phkstub.dll
c:\program files (x86)\CouponAlert_2p\bar\1.bin\2phtml.dll
c:\program files (x86)\CouponAlert_2p\bar\1.bin\2phtmlmu.dll
c:\program files (x86)\CouponAlert_2p\bar\1.bin\2phttpct.dll
c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pidle.dll
c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pieovr.dll
c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pimpipe.exe
c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pmedint.exe
c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pmlbtn.dll
c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pmsg.dll
c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pPlugin.dll
c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pradio.dll
c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pregfft.dll
c:\program files (x86)\CouponAlert_2p\bar\1.bin\2preghk.dll
c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pregiet.dll
c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pscript.dll
c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pskin.dll
c:\program files (x86)\CouponAlert_2p\bar\1.bin\2psknlcr.dll
c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pskplay.exe
c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pSrcAs.dll
c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pSrchMn.exe
c:\program files (x86)\CouponAlert_2p\bar\1.bin\2ptpinst.dll
c:\program files (x86)\CouponAlert_2p\bar\1.bin\2puabtn.dll
c:\program files (x86)\CouponAlert_2p\bar\1.bin\CHROME.MANIFEST
c:\program files (x86)\CouponAlert_2p\bar\1.bin\chrome\2pffxtbr.jar
c:\program files (x86)\CouponAlert_2p\bar\1.bin\INSTALL.RDF
c:\program files (x86)\CouponAlert_2p\bar\1.bin\installKeys.js
c:\program files (x86)\CouponAlert_2p\bar\1.bin\LOGO.BMP
c:\program files (x86)\CouponAlert_2p\bar\1.bin\NP2pStub.dll
c:\program files (x86)\CouponAlert_2p\bar\1.bin\T8RES.DLL
c:\program files (x86)\CouponAlert_2p\bar\gen1\COMMON.T8S
c:\program files (x86)\CouponAlert_2p\bar\IE9Mesg\COMMON.T8S
c:\program files (x86)\CouponAlert_2p\bar\Message\COMMON.T8S
c:\program files (x86)\CouponAlert_2p\bar\Settings\s_pid.dat
c:\program files (x86)\FunWebProducts
c:\program files (x86)\HBLite
c:\program files (x86)\HBLite\bin\11.0.264.0\firefox\extensions\chrome.manifest
c:\program files (x86)\HBLite\bin\11.0.264.0\firefox\extensions\install.rdf
c:\program files (x86)\MyWebSearch
c:\program files (x86)\MyWebSearch\bar\1.bin\CHROME.MANIFEST
c:\program files (x86)\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JAR
c:\program files (x86)\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files (x86)\MyWebSearch\bar\1.bin\F3CJpeg.dll
c:\program files (x86)\MyWebSearch\bar\1.bin\F3DTactl.dll
c:\program files (x86)\MyWebSearch\bar\1.bin\F3HISTSW.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3HKSTUB.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3HTtpct.dll
c:\program files (x86)\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3POPSWT.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
c:\program files (x86)\MyWebSearch\bar\1.bin\F3REGHK.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3RESTUB.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3SCHMON.EXE
c:\program files (x86)\MyWebSearch\bar\1.bin\F3SCrctr.dll
c:\program files (x86)\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files (x86)\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files (x86)\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
c:\program files (x86)\MyWebSearch\bar\1.bin\INSTALL.RDF
c:\program files (x86)\MyWebSearch\bar\1.bin\M3AUXSTB.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3DLGHK.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
c:\program files (x86)\MyWebSearch\bar\1.bin\M3HTML.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3IDLE.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
c:\program files (x86)\MyWebSearch\bar\1.bin\M3MEDINT.EXE
c:\program files (x86)\MyWebSearch\bar\1.bin\M3MSG.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3SKIN.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
c:\program files (x86)\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
c:\program files (x86)\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
c:\program files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\MWSMLBTN.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE
c:\program files (x86)\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\MWSSVC.EXE
c:\program files (x86)\MyWebSearch\bar\1.bin\MWSUABTN.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
c:\program files (x86)\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files (x86)\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files (x86)\MyWebSearch\bar\Game\CHESS.F3S
c:\program files (x86)\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files (x86)\MyWebSearch\bar\icons\CM.ICO
c:\program files (x86)\MyWebSearch\bar\icons\MFC.ICO
c:\program files (x86)\MyWebSearch\bar\icons\PSS.ICO
c:\program files (x86)\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files (x86)\MyWebSearch\bar\icons\WB.ICO
c:\program files (x86)\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files (x86)\MyWebSearch\bar\Message\COMMON.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files (x86)\MyWebSearch\bar\Overlay\COMMON.F3S
c:\program files (x86)\MyWebSearch\bar\Settings\s_pid.dat
c:\program files (x86)\Shop to Win
c:\program files (x86)\Shop to Win\InstallNotifier.exe
c:\program files (x86)\Shop to Win\unins000.dat
c:\program files (x86)\Shop to Win\unins000.exe
c:\program files (x86)\StartNow Toolbar
c:\program files (x86)\StartNow Toolbar\Reactivate.exe
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_images.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_maps.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_news.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_videos.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_web.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_amazon.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_ebay.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_facebook.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_games.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_msn.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_shopping.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_travel.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_twitter.png
c:\program files (x86)\StartNow Toolbar\Resources\images\startnow_logo.png
c:\program files (x86)\StartNow Toolbar\Resources\installer.xml
c:\program files (x86)\StartNow Toolbar\Resources\skin\chevron_button.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_background.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_left.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\separator.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\splitter.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
c:\program files (x86)\StartNow Toolbar\Resources\toolbar.xml
c:\program files (x86)\StartNow Toolbar\Resources\update.xml
c:\program files (x86)\StartNow Toolbar\search_protect.exe
c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
c:\program files (x86)\StartNow Toolbar\Toolbar32.dll
c:\program files (x86)\StartNow Toolbar\ToolbarBroker.exe
c:\program files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
c:\program files (x86)\StartNow Toolbar\uninstall.dat
c:\program files (x86)\StartNow Toolbar\XBrowser.dll
c:\programdata\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
c:\programdata\dsgsdgdsgdsgw.pad
c:\programdata\HBLiteSA
c:\programdata\HBLiteSA\HBLiteSA.dat
c:\programdata\HBLiteSA\HBLiteSA_kyf.dat
c:\programdata\HBLiteSA\HBLiteSAAbout.mht
c:\programdata\HBLiteSA\HBLiteSAau.dat
c:\programdata\HBLiteSA\HBLiteSAEULA.mht
c:\programdata\LoJackNotifier.txt
c:\programdata\lsass.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\About Hotbar.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\Hotbar Customer Support Center.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\Hotbar Uninstall Instructions.lnk
c:\users\Zoey\AppData\Local\Microsoft\Windows\Temporary Internet Files\{2F7CA29F-2CED-4CF4-85E7-67FE92E3ECF7}.xps
c:\users\Zoey\AppData\Local\Microsoft\Windows\Temporary Internet Files\{5D3FE193-96E4-4601-9AD8-8BB1F0E6BDAD}.xps
c:\users\Zoey\AppData\Local\Microsoft\Windows\Temporary Internet Files\{7C447536-E387-4806-BC9D-1B5B1EA45CE2}.xps
c:\users\Zoey\AppData\Local\Microsoft\Windows\Temporary Internet Files\{B61BE594-8347-47F1-A1C2-19805A7AB9E1}.xps
c:\users\Zoey\AppData\Roaming\HBLite
c:\users\Zoey\AppData\Roaming\Install.dat
c:\users\Zoey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
c:\users\Zoey\GoToAssistDownloadHelper.exe
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\SysWow64\f3PSSavr.scr
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_CouponAlert_2pService
-------\Service_MyWebSearchService
-------\Service_Updater Service for StartNow Toolbar
-------\Service_Updater Service for StartNow Toolbar
.
.
((((((((((((((((((((((((( Files Created from 2012-11-24 to 2012-12-24 )))))))))))))))))))))))))))))))
.
.
2012-12-24 16:56 . 2012-12-24 16:56 -------- d-----w- c:\users\Default\AppData\Local\temp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-10 17:37 . 2010-09-17 20:28 65309168 ----a-w- c:\windows\system32\MRT.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0095C290-A428-4BDD-B98C-E0A116F1C702}]
2010-12-29 18:20 14432 ----a-w- c:\program files (x86)\Shop to Win 9\Shop to Win 9.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{614BDA1F-9BEF-4CD1-BDE4-FA4804929B4A}]
2010-09-30 00:22 1515008 ----a-w- c:\program files (x86)\MyPoints Point Finder\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{89A2510A-B4B6-4683-BEC9-1B96700BC7F1}"= "c:\program files (x86)\MyPoints Point Finder\Toolbar.dll" [2010-09-30 1515008]
.
[HKEY_CLASSES_ROOT\clsid\{89a2510a-b4b6-4683-bec9-1b96700bc7f1}]
[HKEY_CLASSES_ROOT\FCTB000060497.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{061ED138-E065-4356-82AA-578F7F1EEAF1}]
[HKEY_CLASSES_ROOT\FCTB000060497.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Zoey\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-22 98304]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2010-10-03 560128]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2011-01-13 165184]
.
c:\users\Zoey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 0090911356367384mcinstcleanup;McAfee Application Installer Cleanup (0090911356367384);c:\users\Zoey\AppData\Local\Temp\009091~1.EXE [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-16 183560]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2010-07-01 51600]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2010-07-21 45456]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-17 220672]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-03 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-17 1255736]
R4 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-01-22 202752]
R4 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
R4 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856]
R4 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2320920]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-20 239616]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-412875962-3660707953-878319841-1000Core.job
- c:\users\Zoey\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-08 21:45]
.
2012-12-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-412875962-3660707953-878319841-1000UA.job
- c:\users\Zoey\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-08 21:45]
.
2012-12-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-10 07:09]
.
2012-12-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-10 07:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-06-04 392048]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-03 10038304]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.startnow.com/s/?src=startpage&provider=&provider_name=startnow&provider_code=&partner_id=999&product_id=10&affiliate_id=&channel=&toolbar_id=&toolbar_version=&install_country=&install_date=20120909&user_guid=4D4C7B9D74BF40A7AC7DC0C37A6F1B7B&machine_id=b7491b8a7ad1b38c11e583f84845526d&browser=IE&os=win&os_version=6.1-x64-SP0&iesrc={referrer:source}
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 8.8.8.8 8.8.4.4 209.55.27.13
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.9.1.0/GarminAxControl.CAB
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/WebfettiInitialSetup1.0.1.1.cab
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{00A6FAF1-072E-44cf-8957-5838F569A31D} - c:\program files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
BHO-{07B18EA1-A523-4961-B6BB-170DE4475CCA} - c:\program files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL
BHO-{3a421c8f-e238-4aeb-8874-b8b5f2cc4772} - c:\progra~2\COUPON~2\bar\1.bin\2pbar.dll
BHO-{60e91567-ef8a-4520-bce2-83aba5256799} - c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pSrcAs.dll
BHO-{6E13D095-45C3-4271-9475-F3B48227DD9F} - c:\program files (x86)\StartNow Toolbar\Toolbar32.dll
Toolbar-Locked - (no file)
Toolbar-{07B18EA9-A523-4961-B6BB-170DE4475CCA} - c:\program files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL
Toolbar-{5911488E-9D1E-40ec-8CBB-06B231CC153F} - c:\program files (x86)\StartNow Toolbar\Toolbar32.dll
Toolbar-{3462c343-be19-4143-af70-cefb56f46fc6} - c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll
Wow6432Node-HKCU-Run-StartNow Search Protect - c:\program files (x86)\StartNow Toolbar\search_protect.exe
Wow6432Node-HKLM-Run-My Web Search Bar Search Scope Monitor - c:\progra~2\MYWEBS~1\bar\1.bin\m3SrchMn.exe
Wow6432Node-HKLM-Run-MyWebSearch Email Plugin - c:\progra~2\MYWEBS~1\bar\1.bin\mwsoemon.exe
Wow6432Node-HKLM-Run-StartNowToolbarHelper - c:\program files (x86)\StartNow Toolbar\ToolbarHelper.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-Coupon Alert Search Scope Monitor - c:\progra~2\COUPON~2\bar\1.bin\2psrchmn.exe
Wow6432Node-HKLM-Run-CouponAlert_2p Browser Plugin Loader - c:\progra~2\COUPON~2\bar\1.bin\2pbrmon.exe
Toolbar-Locked - (no file)
WebBrowser-{89A2510A-B4B6-4683-BEC9-1B96700BC7F1} - (no file)
AddRemove-82A44D22-9452-49FB-00FB-CEC7DCAF7E23 - c:\program files (x86)\EA SPORTS\EA SPORTS online\EASOUNInstaller.exe
AddRemove-Adobe Shockwave Player - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE
AddRemove-EpicPlay - c:\program files (x86)\EpicPlay\epicRemoval.exe
AddRemove-HBLiteSA - c:\program files (x86)\HBLite\bin\11.0.264.0\HBLiteUninstaller.exe
AddRemove-StartNow Toolbar - c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
AddRemove-{F5FB599D-2C5C-4A5F-B8CD-9B7AAD13F80A}_is1 - c:\program files (x86)\Shop To Win\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-412875962-3660707953-878319841-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-412875962-3660707953-878319841-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
.
**************************************************************************
.
Completion time: 2012-12-24 10:10:49 - machine was rebooted
ComboFix-quarantined-files.txt 2012-12-24 17:10
.
Pre-Run: 418,507,485,184 bytes free
Post-Run: 418,299,854,848 bytes free
.
- - End Of File - - BFC63DCFC4AC055CFBDBA7472C679471


Thanks for all you help. I am very thankful for help with this.
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,470
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the Codebox below into it:

Code:
ClearJavaCache::
Folder::
c:\program files (x86)\Shop to Win 9
c:\program files (x86)\MyPoints Point Finder
Rgistry::
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0095C290-A428-4BDD-B98C-E0A116F1C702}]
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{614BDA1F-9BEF-4CD1-BDE4-FA4804929B4A}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{89A2510A-B4B6-4683-BEC9-1B96700BC7F1}"=-
[-HKEY_CLASSES_ROOT\clsid\{89a2510a-b4b6-4683-bec9-1b96700bc7f1}]
[-HKEY_CLASSES_ROOT\FCTB000060497.IEToolbar.3]
[-HKEY_CLASSES_ROOT\TypeLib\{061ED138-E065-4356-82AA-578F7F1EEAF1}]
[-HKEY_CLASSES_ROOT\FCTB000060497.IEToolbar]
DDS::
uStart Page = hxxp://search.startnow.com/s/?src=startpage&provider=&provider_name=startnow&provider_code=&partner_id=9 99&product_id=10&affiliate_id=&channel=&toolbar_id=&toolbar_version=&instal l_country=&install_date=20120909&user_guid=4D4C7B9D74BF40A7AC7DC0C37A6F1B7B &machine_id=b7491b8a7ad1b38c11e583f84845526d&browser=IE&os=win&os_version=6 .1-x64-SP0&iesrc={referrer:source}
Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe





Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Next,

Run Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page http://www.eset.com/home/products/online-scanner/ to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    Click Start
  • When asked, allow the add/on to be installed
    Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
  • Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish
When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found
If threats were found

  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
close program
copy and paste the report here

Post those two logs, also give an update on any remaining issues or concerns..

Kevin...:)
 

swonkie

Thread Starter
Joined
Dec 23, 2012
Messages
8
I have both logs you have asked. Had to work on the first one a little. I unplugged the internet and plugged it back in and worked. Thank goodness. I am so glad you guys are so easy to walk thru all this.

ComboFix 12-12-23.01 - Zoey 12/24/2012 16:38:38.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3957.2099 [GMT -7:00]
Running from: c:\users\Zoey\Desktop\ComboFix.exe
Command switches used :: c:\users\Zoey\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\MyPoints Point Finder
c:\program files (x86)\MyPoints Point Finder\aboutTabs.7.js
c:\program files (x86)\MyPoints Point Finder\aboutTabs.8.js
c:\program files (x86)\MyPoints Point Finder\audio.bmp
c:\program files (x86)\MyPoints Point Finder\banner_container.html
c:\program files (x86)\MyPoints Point Finder\blockcursor.cur
c:\program files (x86)\MyPoints Point Finder\blocksound.wav
c:\program files (x86)\MyPoints Point Finder\bookmark_off.bmp
c:\program files (x86)\MyPoints Point Finder\bookmark_on.bmp
c:\program files (x86)\MyPoints Point Finder\bookmarksplugin.dll
c:\program files (x86)\MyPoints Point Finder\bubble_permissions.html
c:\program files (x86)\MyPoints Point Finder\build
c:\program files (x86)\MyPoints Point Finder\caching_banner.html
c:\program files (x86)\MyPoints Point Finder\chevron.bmp
c:\program files (x86)\MyPoints Point Finder\component.xsl
c:\program files (x86)\MyPoints Point Finder\default.xml
c:\program files (x86)\MyPoints Point Finder\efolder.bmp
c:\program files (x86)\MyPoints Point Finder\email.bmp
c:\program files (x86)\MyPoints Point Finder\email2.bmp
c:\program files (x86)\MyPoints Point Finder\emailchecker_plugin.dll
c:\program files (x86)\MyPoints Point Finder\facebook.feature
c:\program files (x86)\MyPoints Point Finder\fbrss.xsl
c:\program files (x86)\MyPoints Point Finder\ff.xsl
c:\program files (x86)\MyPoints Point Finder\folder.bmp
c:\program files (x86)\MyPoints Point Finder\Helper.dll
c:\program files (x86)\MyPoints Point Finder\icons.bmp
c:\program files (x86)\MyPoints Point Finder\iefavelem.bmp
c:\program files (x86)\MyPoints Point Finder\ImageConversion.dll
c:\program files (x86)\MyPoints Point Finder\images\amazon.bmp
c:\program files (x86)\MyPoints Point Finder\images\ebay.bmp
c:\program files (x86)\MyPoints Point Finder\images\email.bmp
c:\program files (x86)\MyPoints Point Finder\images\email2.bmp
c:\program files (x86)\MyPoints Point Finder\images\msgbox\down.gif
c:\program files (x86)\MyPoints Point Finder\images\msgbox\hr.bmp
c:\program files (x86)\MyPoints Point Finder\images\msgbox\mark.png
c:\program files (x86)\MyPoints Point Finder\images\msgbox\mark_do.png
c:\program files (x86)\MyPoints Point Finder\images\msgbox\mark_na.png
c:\program files (x86)\MyPoints Point Finder\images\msgbox\navbg.bmp
c:\program files (x86)\MyPoints Point Finder\images\msgbox\refresh.png
c:\program files (x86)\MyPoints Point Finder\images\msgbox\refresh_do.png
c:\program files (x86)\MyPoints Point Finder\images\msgbox\refresh_na.png
c:\program files (x86)\MyPoints Point Finder\images\msgbox\trash.png
c:\program files (x86)\MyPoints Point Finder\images\msgbox\trash_do.png
c:\program files (x86)\MyPoints Point Finder\images\msgbox\trash_na.png
c:\program files (x86)\MyPoints Point Finder\images\msgbox\unmark.png
c:\program files (x86)\MyPoints Point Finder\images\msgbox\unmark_do.png
c:\program files (x86)\MyPoints Point Finder\images\msgbox\unmark_na.png
c:\program files (x86)\MyPoints Point Finder\images\msgbox\up.gif
c:\program files (x86)\MyPoints Point Finder\images\ticker\left.gif
c:\program files (x86)\MyPoints Point Finder\images\ticker\right.gif
c:\program files (x86)\MyPoints Point Finder\images\weather\0.bmp
c:\program files (x86)\MyPoints Point Finder\images\weather\1.bmp
c:\program files (x86)\MyPoints Point Finder\images\weather\10.bmp
c:\program files (x86)\MyPoints Point Finder\images\weather\11.bmp
c:\program files (x86)\MyPoints Point Finder\images\weather\12.bmp
c:\program files (x86)\MyPoints Point Finder\images\weather\13.bmp
c:\program files (x86)\MyPoints Point Finder\images\weather\14.bmp
c:\program files (x86)\MyPoints Point Finder\images\weather\15.bmp
c:\program files (x86)\MyPoints Point Finder\images\weather\16.bmp
c:\program files (x86)\MyPoints Point Finder\images\weather\17.bmp
c:\program files (x86)\MyPoints Point Finder\images\weather\18.bmp
c:\program files (x86)\MyPoints Point Finder\images\weather\19.bmp
c:\program files (x86)\MyPoints Point Finder\images\weather\2.bmp
c:\program files (x86)\MyPoints Point Finder\images\weather\20.bmp
c:\program files (x86)\MyPoints Point Finder\images\weather\21.bmp
c:\program files (x86)\MyPoints Point Finder\images\weather\22.bmp
c:\program files (x86)\MyPoints Point Finder\images\weather\23.bmp
c:\program files (x86)\MyPoints Point Finder\images\weather\24.bmp
c:\program files (x86)\MyPoints Point Finder\images\weather\25.bmp
c:\program files (x86)\MyPoints Point Finder\images\weather\26.bmp
c:\program files (x86)\MyPoints Point Finder\images\weather\27.bmp
c:\program files (x86)\MyPoints Point Finder\images\weather\28.bmp
c:\program files (x86)\MyPoints Point Finder\images\weather\29.bmp
c:\program files (x86)\MyPoints Point Finder\images\weather\3.bmp
c:\program files (x86)\MyPoints Point Finder\images\weather\30.bmp
c:\program files (x86)\MyPoints Point Finder\images\weather\31.bmp
c:\program files (x86)\MyPoints Point Finder\images\weather\32.bmp
c:\program files (x86)\MyPoints Point Finder\images\weather\33.bmp
c:\program files (x86)\MyPoints Point Finder\images\weather\34.bmp
c:\program files (x86)\MyPoints Point Finder\images\weather\35.bmp
c:\program files (x86)\MyPoints Point Finder\images\weather\36.bmp
c:\program files (x86)\MyPoints Point Finder\images\weather\37.bmp
c:\program files (x86)\MyPoints Point Finder\images\weather\38.bmp
c:\program files (x86)\MyPoints Point Finder\images\weather\39.bmp
c:\program files (x86)\MyPoints Point Finder\images\weather\4.bmp
c:\program files (x86)\MyPoints Point Finder\images\weather\40.bmp
c:\program files (x86)\MyPoints Point Finder\images\weather\41.bmp
c:\program files (x86)\MyPoints Point Finder\images\weather\42.bmp
c:\program files (x86)\MyPoints Point Finder\images\weather\43.bmp
c:\program files (x86)\MyPoints Point Finder\images\weather\44.bmp
c:\program files (x86)\MyPoints Point Finder\images\weather\45.bmp
c:\program files (x86)\MyPoints Point Finder\images\weather\46.bmp
c:\program files (x86)\MyPoints Point Finder\images\weather\47.bmp
c:\program files (x86)\MyPoints Point Finder\images\weather\5.bmp
c:\program files (x86)\MyPoints Point Finder\images\weather\6.bmp
c:\program files (x86)\MyPoints Point Finder\images\weather\7.bmp
c:\program files (x86)\MyPoints Point Finder\images\weather\8.bmp
c:\program files (x86)\MyPoints Point Finder\images\weather\9.bmp
c:\program files (x86)\MyPoints Point Finder\images\weather\hr.bmp
c:\program files (x86)\MyPoints Point Finder\images\weather\na.bmp
c:\program files (x86)\MyPoints Point Finder\images\weather\png\0.png
c:\program files (x86)\MyPoints Point Finder\images\weather\png\1.png
c:\program files (x86)\MyPoints Point Finder\images\weather\png\10.png
c:\program files (x86)\MyPoints Point Finder\images\weather\png\11.png
c:\program files (x86)\MyPoints Point Finder\images\weather\png\12.png
c:\program files (x86)\MyPoints Point Finder\images\weather\png\13.png
c:\program files (x86)\MyPoints Point Finder\images\weather\png\14.png
c:\program files (x86)\MyPoints Point Finder\images\weather\png\15.png
c:\program files (x86)\MyPoints Point Finder\images\weather\png\16.png
c:\program files (x86)\MyPoints Point Finder\images\weather\png\17.png
c:\program files (x86)\MyPoints Point Finder\images\weather\png\18.png
c:\program files (x86)\MyPoints Point Finder\images\weather\png\19.png
c:\program files (x86)\MyPoints Point Finder\images\weather\png\2.png
c:\program files (x86)\MyPoints Point Finder\images\weather\png\20.png
c:\program files (x86)\MyPoints Point Finder\images\weather\png\21.png
c:\program files (x86)\MyPoints Point Finder\images\weather\png\22.png
c:\program files (x86)\MyPoints Point Finder\images\weather\png\23.png
c:\program files (x86)\MyPoints Point Finder\images\weather\png\24.png
c:\program files (x86)\MyPoints Point Finder\images\weather\png\25.png
c:\program files (x86)\MyPoints Point Finder\images\weather\png\26.png
c:\program files (x86)\MyPoints Point Finder\images\weather\png\27.png
c:\program files (x86)\MyPoints Point Finder\images\weather\png\28.png
c:\program files (x86)\MyPoints Point Finder\images\weather\png\29.png
c:\program files (x86)\MyPoints Point Finder\images\weather\png\3.png
c:\program files (x86)\MyPoints Point Finder\images\weather\png\30.png
c:\program files (x86)\MyPoints Point Finder\images\weather\png\31.png
c:\program files (x86)\MyPoints Point Finder\images\weather\png\32.png
c:\program files (x86)\MyPoints Point Finder\images\weather\png\33.png
c:\program files (x86)\MyPoints Point Finder\images\weather\png\34.png
c:\program files (x86)\MyPoints Point Finder\images\weather\png\35.png
c:\program files (x86)\MyPoints Point Finder\images\weather\png\36.png
c:\program files (x86)\MyPoints Point Finder\images\weather\png\37.png
c:\program files (x86)\MyPoints Point Finder\images\weather\png\38.png
c:\program files (x86)\MyPoints Point Finder\images\weather\png\39.png
c:\program files (x86)\MyPoints Point Finder\images\weather\png\4.png
c:\program files (x86)\MyPoints Point Finder\images\weather\png\40.png
c:\program files (x86)\MyPoints Point Finder\images\weather\png\41.png
c:\program files (x86)\MyPoints Point Finder\images\weather\png\42.png
c:\program files (x86)\MyPoints Point Finder\images\weather\png\43.png
c:\program files (x86)\MyPoints Point Finder\images\weather\png\44.png
c:\program files (x86)\MyPoints Point Finder\images\weather\png\45.png
c:\program files (x86)\MyPoints Point Finder\images\weather\png\46.png
c:\program files (x86)\MyPoints Point Finder\images\weather\png\47.png
c:\program files (x86)\MyPoints Point Finder\images\weather\png\5.png
c:\program files (x86)\MyPoints Point Finder\images\weather\png\6.png
c:\program files (x86)\MyPoints Point Finder\images\weather\png\7.png
c:\program files (x86)\MyPoints Point Finder\images\weather\png\8.png
c:\program files (x86)\MyPoints Point Finder\images\weather\png\9.png
c:\program files (x86)\MyPoints Point Finder\images\weather\png\na.png
c:\program files (x86)\MyPoints Point Finder\images\wikipedia.bmp
c:\program files (x86)\MyPoints Point Finder\images\yahoo.bmp
c:\program files (x86)\MyPoints Point Finder\localization.xml
c:\program files (x86)\MyPoints Point Finder\location.xsl
c:\program files (x86)\MyPoints Point Finder\magglass.ico
c:\program files (x86)\MyPoints Point Finder\manage_bookmarks.html
c:\program files (x86)\MyPoints Point Finder\marquee.html
c:\program files (x86)\MyPoints Point Finder\marquee_permissions.html
c:\program files (x86)\MyPoints Point Finder\messaging.bmp
c:\program files (x86)\MyPoints Point Finder\minus.bmp
c:\program files (x86)\MyPoints Point Finder\msgbox_bubble.tmpl
c:\program files (x86)\MyPoints Point Finder\msgbox_openmsg.tmpl
c:\program files (x86)\MyPoints Point Finder\msgboxplugin.dll
c:\program files (x86)\MyPoints Point Finder\offline.html
c:\program files (x86)\MyPoints Point Finder\patch.bat
c:\program files (x86)\MyPoints Point Finder\plus.bmp
c:\program files (x86)\MyPoints Point Finder\podcast.bmp
c:\program files (x86)\MyPoints Point Finder\podcast.xsl
c:\program files (x86)\MyPoints Point Finder\radio.bmp
c:\program files (x86)\MyPoints Point Finder\RadioPlugin.dll
c:\program files (x86)\MyPoints Point Finder\resize.bmp
c:\program files (x86)\MyPoints Point Finder\rssfeed.bmp
c:\program files (x86)\MyPoints Point Finder\RSSReader_plugin.dll
c:\program files (x86)\MyPoints Point Finder\search.xsl
c:\program files (x86)\MyPoints Point Finder\SearchComponent.dll
c:\program files (x86)\MyPoints Point Finder\settings
c:\program files (x86)\MyPoints Point Finder\skins\radio\gray03\btn_dropdwn_down.bmp
c:\program files (x86)\MyPoints Point Finder\skins\radio\gray03\btn_dropdwn_over.bmp
c:\program files (x86)\MyPoints Point Finder\skins\radio\gray03\btn_dropdwn_up.bmp
c:\program files (x86)\MyPoints Point Finder\skins\radio\gray03\btn_max_down.bmp
c:\program files (x86)\MyPoints Point Finder\skins\radio\gray03\btn_max_over.bmp
c:\program files (x86)\MyPoints Point Finder\skins\radio\gray03\btn_max_up.bmp
c:\program files (x86)\MyPoints Point Finder\skins\radio\gray03\btn_min_down.bmp
c:\program files (x86)\MyPoints Point Finder\skins\radio\gray03\btn_min_over.bmp
c:\program files (x86)\MyPoints Point Finder\skins\radio\gray03\btn_min_up.bmp
c:\program files (x86)\MyPoints Point Finder\skins\radio\gray03\btn_pause_down.bmp
c:\program files (x86)\MyPoints Point Finder\skins\radio\gray03\btn_pause_over.bmp
c:\program files (x86)\MyPoints Point Finder\skins\radio\gray03\btn_pause_up.bmp
c:\program files (x86)\MyPoints Point Finder\skins\radio\gray03\btn_play_down.bmp
c:\program files (x86)\MyPoints Point Finder\skins\radio\gray03\btn_play_over.bmp
c:\program files (x86)\MyPoints Point Finder\skins\radio\gray03\btn_play_up.bmp
c:\program files (x86)\MyPoints Point Finder\skins\radio\gray03\btn_playcntrl_over.bmp
c:\program files (x86)\MyPoints Point Finder\skins\radio\gray03\btn_playcntrl_up.bmp
c:\program files (x86)\MyPoints Point Finder\skins\radio\gray03\btn_stop_down.bmp
c:\program files (x86)\MyPoints Point Finder\skins\radio\gray03\btn_stop_over.bmp
c:\program files (x86)\MyPoints Point Finder\skins\radio\gray03\btn_stop_up.bmp
c:\program files (x86)\MyPoints Point Finder\skins\radio\gray03\btn_volcntrl_over.bmp
c:\program files (x86)\MyPoints Point Finder\skins\radio\gray03\btn_volcntrl_up.bmp
c:\program files (x86)\MyPoints Point Finder\skins\radio\gray03\Equalizer1.bmp
c:\program files (x86)\MyPoints Point Finder\skins\radio\gray03\Equalizer2.bmp
c:\program files (x86)\MyPoints Point Finder\skins\radio\gray03\Equalizer3.bmp
c:\program files (x86)\MyPoints Point Finder\skins\radio\gray03\Equalizer4.bmp
c:\program files (x86)\MyPoints Point Finder\skins\radio\gray03\Equalizer5.bmp
c:\program files (x86)\MyPoints Point Finder\skins\radio\gray03\Equalizer6.bmp
c:\program files (x86)\MyPoints Point Finder\skins\radio\gray03\playcntrl_bg.bmp
c:\program files (x86)\MyPoints Point Finder\skins\radio\gray03\radio.bmp
c:\program files (x86)\MyPoints Point Finder\skins\radio\gray03\radio_mask.bmp
c:\program files (x86)\MyPoints Point Finder\skins\radio\gray03\radio_minimalized.bmp
c:\program files (x86)\MyPoints Point Finder\skins\radio\gray03\radio_minimalized_mask.bmp
c:\program files (x86)\MyPoints Point Finder\skins\radio\gray03\station.bmp
c:\program files (x86)\MyPoints Point Finder\skins\radio\gray03\vol_01.bmp
c:\program files (x86)\MyPoints Point Finder\skins\radio\gray03\vol_02.bmp
c:\program files (x86)\MyPoints Point Finder\skins\radio\gray03\vol_03.bmp
c:\program files (x86)\MyPoints Point Finder\skins\radio\gray03\volslide_bg.bmp
c:\program files (x86)\MyPoints Point Finder\skins\radio\gray03\volslide_track.bmp
c:\program files (x86)\MyPoints Point Finder\star_on.gif
c:\program files (x86)\MyPoints Point Finder\ticker.html
c:\program files (x86)\MyPoints Point Finder\Toolbar.dll
c:\program files (x86)\MyPoints Point Finder\ToolbarUpdate.exe
c:\program files (x86)\MyPoints Point Finder\TroubleShooter.exe
c:\program files (x86)\MyPoints Point Finder\Uninst.exe
c:\program files (x86)\MyPoints Point Finder\update_progress.html
c:\program files (x86)\MyPoints Point Finder\version.txt
c:\program files (x86)\MyPoints Point Finder\version.xsl
c:\program files (x86)\MyPoints Point Finder\weather_bubble.tmpl
c:\program files (x86)\MyPoints Point Finder\weatherplugin.dll
c:\program files (x86)\Shop to Win 9
c:\program files (x86)\Shop to Win 9\patch.bat
c:\program files (x86)\Shop to Win 9\settings.xml
c:\program files (x86)\Shop to Win 9\Shop to Win 9.dll
c:\program files (x86)\Shop to Win 9\ShoppingBHO.dll
c:\program files (x86)\Shop to Win 9\ShopToWin.ico
c:\program files (x86)\Shop to Win 9\Uninst.exe
c:\program files (x86)\Shop to Win 9\version.txt
.
Infected copy of c:\windows\SysWow64\userinit.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-11-25 to 2012-12-25 )))))))))))))))))))))))))))))))
.
.
2012-12-24 23:59 . 2012-12-24 23:59 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ED085BAF-6BE1-4210-8677-D157A9495312}\offreg.dll
2012-12-24 23:48 . 2012-12-24 23:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-24 23:34 . 2012-11-19 08:01 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ED085BAF-6BE1-4210-8677-D157A9495312}\mpengine.dll
2012-12-24 18:14 . 2012-12-24 18:14 -------- d-----w- c:\windows\system32\SPReview
2012-12-24 18:12 . 2012-12-24 18:12 -------- d-----w- c:\windows\system32\EventProviders
2012-12-24 18:02 . 2012-12-24 18:02 -------- d-----w- c:\program files (x86)\McAfeeMOBK
2012-12-24 18:02 . 2010-04-14 03:10 66040 ----a-w- c:\windows\system32\drivers\MOBK.sys
2012-12-24 18:02 . 2012-12-24 18:02 -------- d-----w- c:\program files (x86)\McAfee Online Backup
2012-12-24 18:02 . 2012-05-28 17:28 197264 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
2012-12-24 17:48 . 2012-11-09 13:37 177680 ----a-w- c:\windows\system32\mfevtps.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-24 18:24 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-12-24 18:24 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-12-24 18:10 . 2012-06-29 20:24 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-24 18:10 . 2012-06-29 20:24 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-09 13:40 . 2012-11-09 13:40 69672 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-11-09 13:37 . 2012-11-09 13:37 339776 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2012-11-09 13:35 . 2012-11-09 13:35 771096 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-11-09 13:34 . 2012-11-09 13:34 515528 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-11-09 13:34 . 2012-11-09 13:34 309400 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-11-09 13:33 . 2012-11-09 13:33 178840 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2012-11-02 08:46 . 2012-11-02 08:46 97208 ----a-w- c:\windows\system32\drivers\mfencrk.sys
2012-11-02 08:46 . 2012-11-02 08:46 328976 ----a-w- c:\windows\system32\drivers\mfencbdc.sys
2012-11-02 08:46 . 2012-11-02 08:46 10544 ----a-w- c:\windows\system32\drivers\mfeclnrk.sys
2012-10-10 17:37 . 2010-09-17 20:28 65309168 ----a-w- c:\windows\system32\MRT.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}]
c:\program files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL [BU]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}]
c:\program files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL [BU]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{3a421c8f-e238-4aeb-8874-b8b5f2cc4772}]
c:\progra~2\COUPON~2\bar\1.bin\2pbar.dll [BU]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{60e91567-ef8a-4520-bce2-83aba5256799}]
c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pSrcAs.dll [BU]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6E13D095-45C3-4271-9475-F3B48227DD9F}]
c:\program files (x86)\StartNow Toolbar\Toolbar32.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{07B18EA9-A523-4961-B6BB-170DE4475CCA}"= "c:\program files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL" [BU]
"{5911488E-9D1E-40ec-8CBB-06B231CC153F}"= "c:\program files (x86)\StartNow Toolbar\Toolbar32.dll" [BU]
"{3462c343-be19-4143-af70-cefb56f46fc6}"= "c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll" [BU]
.
[HKEY_CLASSES_ROOT\clsid\{07b18ea9-a523-4961-b6bb-170de4475cca}]
.
[HKEY_CLASSES_ROOT\clsid\{5911488e-9d1e-40ec-8cbb-06b231cc153f}]
.
[HKEY_CLASSES_ROOT\clsid\{3462c343-be19-4143-af70-cefb56f46fc6}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Zoey\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-22 98304]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2010-10-03 560128]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2011-01-13 165184]
.
c:\users\Zoey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x]
R2 McMPFSvc;McAfee Personal Firewall;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2012-10-07 220856]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2012-10-07 220856]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-16 183560]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-11-09 69672]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2010-07-01 51600]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-05-28 197264]
R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys [2012-11-02 97208]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2010-07-21 45456]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-17 220672]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-03 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-17 1255736]
R4 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-01-22 202752]
R4 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
R4 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856]
R4 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2320920]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-11-09 339776]
S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys [2010-04-14 66040]
S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2012-10-07 220856]
S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2012-10-07 220856]
S2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [2012-10-06 1007288]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-11-09 218320]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-11-09 177680]
S2 MOBKbackup;McAfee Online Backup;c:\program files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-04-14 231224]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-11-09 515528]
S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys [2012-11-02 328976]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-20 239616]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-29 18:10]
.
2012-12-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-412875962-3660707953-878319841-1000Core.job
- c:\users\Zoey\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-08 21:45]
.
2012-12-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-412875962-3660707953-878319841-1000UA.job
- c:\users\Zoey\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-08 21:45]
.
2012-12-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-10 07:09]
.
2012-12-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-10 07:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-14 03:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-14 03:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-14 03:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-06-04 392048]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-03 10038304]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 8.8.8.8 8.8.4.4 209.55.27.13
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.9.1.0/GarminAxControl.CAB
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/WebfettiInitialSetup1.0.1.1.cab
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{0095C290-A428-4BDD-B98C-E0A116F1C702} - c:\program files (x86)\Shop to Win 9\Shop to Win 9.dll
BHO-{614BDA1F-9BEF-4CD1-BDE4-FA4804929B4A} - c:\program files (x86)\MyPoints Point Finder\Toolbar.dll
Toolbar-Locked - (no file)
Toolbar-{89A2510A-B4B6-4683-BEC9-1B96700BC7F1} - c:\program files (x86)\MyPoints Point Finder\Toolbar.dll
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-mcpltui_exe - c:\program files\McAfee.com\Agent\mcagent.exe
WebBrowser-{89A2510A-B4B6-4683-BEC9-1B96700BC7F1} - (no file)
AddRemove-82A44D22-9452-49FB-00FB-CEC7DCAF7E23 - c:\program files (x86)\EA SPORTS\EA SPORTS online\EASOUNInstaller.exe
AddRemove-Adobe Shockwave Player - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE
AddRemove-EpicPlay - c:\program files (x86)\EpicPlay\epicRemoval.exe
AddRemove-HBLiteSA - c:\program files (x86)\HBLite\bin\11.0.264.0\HBLiteUninstaller.exe
AddRemove-MyPoints Point Finder - c:\program files (x86)\MyPoints Point Finder\Uninst.exe
AddRemove-StartNow Toolbar - c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
AddRemove-{F5FB599D-2C5C-4A5F-B8CD-9B7AAD13F80A}_is1 - c:\program files (x86)\Shop To Win\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-412875962-3660707953-878319841-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-412875962-3660707953-878319841-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
.
**************************************************************************
.
Completion time: 2012-12-24 17:04:17 - machine was rebooted
ComboFix-quarantined-files.txt 2012-12-25 00:04
ComboFix2.txt 2012-12-24 17:10
.
Pre-Run: 427,602,427,904 bytes free
Post-Run: 427,773,886,464 bytes free
.
- - End Of File - - 4352AE3FAC94AB110368CDCBEE97A577



C:\Qoobox\Quarantine\C\Users\Zoey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk.vir Win32/Reveton.J trojan
C:\Users\Zoey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DUI268FM\7516fd43adaa5e0b8a65a672c39845d2[1].htm HTML/Iframe.B.Gen virus
C:\Users\Zoey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q0XNCIJ3\7516fd43adaa5e0b8a65a672c39845d2[1].htm HTML/Iframe.B.Gen virus
C:\Users\Zoey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Zoey\Desktop\test.exe a variant of Win32/Kryptik.NLQ trojan


I unistalled the application. I think everything is looking better on the computer. I am at least able to keep on internet without that popping back up. This is my daughters laptop for college so I hope next time she is more careful with what she is doing and doesn't allow her boyfriend on it.

Merry X-Mas and thank you again for this help.
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,470
Thankss for the update, continue as follows:

download OTM from either of the following links and save to your Desktop:

http://oldtimer.geekstogo.com/OTM.exe.
http://www.itxassociates.com/OT-Tools/OTM.com
http://www.itxassociates.com/OT-Tools/OTM.exe

Double click OTM.exe to start the tool. Vista or Windows 7 users accepy UAC alert. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion....
  • Copy the text from the code box belowbelow to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    :Files
    ipconfig /flushdns /c
    C:\Users\Zoey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DUI268FM\7516fd43adaa5e0b8a65a672c39845d2[1].htm
    C:\Users\Zoey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q0XNCIJ3\7516fd43adaa5e0b8a65a672c39845d2[1].htm
    C:\Users\Zoey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Zoey\Desktop\test.exe
    :Commands
    [EmptyTemp]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red
    button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

Next,

download http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner by Xplode onto your Desktop.

  • Please close all open programs and internet browsers.
  • Double click on Adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

Next,

Download Security Check by screen317 from either of the following:
http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe
Save it to your Desktop.
Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Post those 3 logs in next reply, let me know if any remaining issues or concerns..

Merry Christmas,

Kevin
 

swonkie

Thread Starter
Joined
Dec 23, 2012
Messages
8
Here are the next three logs requested. Hopefully it looks good.



All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Zoey\Downloads\cmd.bat deleted successfully.
C:\Users\Zoey\Downloads\cmd.txt deleted successfully.
C:\Users\Zoey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DUI268FM\7516fd43adaa5e0b8a65a672c39845d2[1].htm moved successfully.
C:\Users\Zoey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q0XNCIJ3\7516fd43adaa5e0b8a65a672c39845d2[1].htm moved successfully.
C:\Users\Zoey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Zoey\Desktop\test.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Zoey
->Temp folder emptied: 152843 bytes
->Temporary Internet Files folder emptied: 665547063 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 17427246 bytes
->Google Chrome cache emptied: 55217530 bytes
->Apple Safari cache emptied: 32768 bytes
->Flash cache emptied: 40190 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 61148872 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 38510894 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 753 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 1883360 bytes
RecycleBin emptied: 522240 bytes

Total Files Cleaned = 802.00 mb


OTM by OldTimer - Version 3.1.21.0 log created on 12252012_153115
Files moved on Reboot...
C:\Users\Zoey\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...



# AdwCleaner v2.103 - Logfile created 12/25/2012 at 15:41:15
# Updated 25/12/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Zoey - ZOEY-PC
# Boot Mode : Normal
# Running from : C:\Users\Zoey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BR7YXPYE\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****
Folder Deleted : C:\Users\Zoey\AppData\LocalLow\CouponAlert_2p
Folder Deleted : C:\Users\Zoey\AppData\LocalLow\FunWebProducts
Folder Deleted : C:\Users\Zoey\AppData\LocalLow\MyWebSearch
Folder Deleted : C:\Users\Zoey\Documents\DealRunner
***** [Registry] *****
Key Deleted : HKCU\Software\AppDataLow\Software\CouponAlert_2p
Key Deleted : HKCU\Software\AppDataLow\Software\Fun Web Products
Key Deleted : HKCU\Software\AppDataLow\Software\FunWebProducts
Key Deleted : HKCU\Software\AppDataLow\Software\iWon
Key Deleted : HKCU\Software\AppDataLow\Software\MyWebSearch
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1E0DE227-5CE4-4EA3-AB0C-8B03E1AA76BC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3462C343-BE19-4143-AF70-CEFB56F46FC6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3A421C8F-E238-4AEB-8874-B8B5F2CC4772}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{60E91567-EF8A-4520-BCE2-83ABA5256799}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3462C343-BE19-4143-AF70-CEFB56F46FC6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3A421C8F-E238-4AEB-8874-B8B5F2CC4772}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{60E91567-EF8A-4520-BCE2-83ABA5256799}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKCU\Software\ShopToWin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EB583FE1-9458-4EDA-AC68-24D24F17C70F}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{FAA8C612-F1B6-461B-8B60-B54D74D9642E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ShoppingBHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Toolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ToolbarBroker.EXE
Key Deleted : HKLM\SOFTWARE\Classes\FCSB000063123.JSOptionsImpl
Key Deleted : HKLM\SOFTWARE\Classes\FCSB000063123.JSOptionsImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000060497.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000060497.JSOptionsImpl
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000060497.JSOptionsImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook
Key Deleted : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{38BF9661-BDA0-4A74-BB3B-576EC7AE16DC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6857AC4A-95B4-4E2C-B2D2-8A235FCCEF4A}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{819FFE20-35C7-4925-8CDA-4E0E2DB94302}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C7E7FB02-C4FD-446E-8F5B-463A049935BF}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}
Key Deleted : HKLM\SOFTWARE\Classes\ZGClnt.Mngr
Key Deleted : HKLM\SOFTWARE\Classes\ZGClnt.Mngr.1
Key Deleted : HKLM\Software\CouponAlert_2p
Key Deleted : HKLM\Software\FocusInteractive
Key Deleted : HKLM\Software\Fun Web Products
Key Deleted : HKLM\Software\FunWebProducts
Key Deleted : HKLM\Software\HBLite
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll
Key Deleted : HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss
Key Deleted : HKLM\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin
Key Deleted : HKLM\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0BDF6C42-132C-45F5-92DE-DC13F40C6DAB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{23B38049-323F-443D-9732-F454E5B15B72}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4D1EC4CA-4B92-4324-B8F8-C9A6ED06A8AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4E674574-3F0B-491D-8AE3-F90B43A34FD6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8867AC9B-4426-44A2-A693-C95850D3405C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{95B3F577-D54A-4831-B2B4-8AACEEDA85CF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C2DF3856-676C-41DC-A73B-FACBDF8E81E9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CF9D6D4E-5496-438E-BA24-5A580A59F5A3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@CouponAlert_2p.com/Plugin
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@mywebsearch.com/Plugin
Key Deleted : HKLM\Software\MyWebSearch
Key Deleted : HKLM\Software\StartNow Toolbar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0BDF6C42-132C-45F5-92DE-DC13F40C6DAB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{13119113-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{16FE2505-F2A0-4782-B035-AF0E5188C02C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1E0DE227-5CE4-4EA3-AB0C-8B03E1AA76BC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1F0A2185-DA7E-4614-91C0-DD5F4A76CB1B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{23B0AE65-17D2-4491-98E5-B1AA6228DDA2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{23B38049-323F-443D-9732-F454E5B15B72}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{25560540-9571-4D7B-9389-0F166788785A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2CBD2A57-2FD5-4F1A-9FC8-90ED48FA4187}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2D205ADF-C992-4EDA-99C3-096E13F38AB4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{33119133-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3462C343-BE19-4143-AF70-CEFB56F46FC6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3A421C8F-E238-4AEB-8874-B8B5F2CC4772}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{411B1946-3277-4A7F-9F60-745266360613}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{457A4CB8-0391-409D-98B4-C4CCB2849670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4D8EACBC-E293-4462-B91E-42EA5B54B743}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{60E91567-EF8A-4520-BCE2-83ABA5256799}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7473D292-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7473D296-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7717F4B3-397F-4CE5-9192-6EFFDE3AC999}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{799391D3-EB86-4BAC-9BD3-CBFEA58A0E15}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{819FFE22-35C7-4925-8CDA-4E0E2DB94302}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{84576F6E-0660-4B4F-8918-BC6C975044D4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{86D02BCF-0E0E-444F-8A8D-2D5C4A9E6578}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8867AC9B-4426-44A2-A693-C95850D3405C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B3F577-D54A-4831-B2B4-8AACEEDA85CF}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A4730EBE-43A6-443E-9776-36915D323AD3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A9571378-68A1-443D-B082-284F960C6D17}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C2DF3856-676C-41DC-A73B-FACBDF8E81E9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CF9D6D4E-5496-438E-BA24-5A580A59F5A3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D858DAFC-9573-4811-B323-7011A3AA7E61}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DEF07ACD-BCEA-4269-933A-4087D20842BB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EBBC4E43-292A-40DF-88E3-3262B7521460}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{004EB151-885B-4A9E-A22D-CA98DD998D75}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{041278C7-DF92-486D-AE85-921BDFC75A43}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0F1794F2-900B-4C81-8146-9234E5CC5BE2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1116A14B-F6A3-4FD9-A00E-FF8CF270EE48}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{120927BF-1700-43BC-810F-FAB92549B390}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1F52A5FA-A705-4415-B975-88503B291728}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{21D9997E-5D2A-4737-BCBA-C958C0590295}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{30B15818-E110-4527-9C05-46ACE5A3460D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{36A7148B-639E-423C-90BB-30B6E1A40BD7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3E720451-B472-4954-B7AA-33069EB53906}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{56965DCF-718F-4148-BECF-5A2B466F4556}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{58E64AEE-516A-4DFC-AC38-31C50E8AF0F1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5F701D7D-C869-41F0-B0E2-8136F02B539C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{618AAD04-921F-44C2-BE38-C0818AF69861}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{61DAB0AD-AD23-4E40-84AC-7C6CE64D4EB3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{65D8E17B-312E-4E12-913B-A841A8631143}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6BDA50D2-5597-4C68-A842-9B857FCCDA49}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6CA3D0AB-F807-462C-BA7F-E27F07F91E32}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6F99D2AE-5C90-43C2-A2FE-81DBE512E2FC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{860AF5D1-0735-409D-8E5F-E3E99356D7E9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8997561D-CF0B-42C7-AAE6-78801B3ADC7F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{92580E8C-88F5-4551-9D9E-8147E7EE2C32}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{991AAC62-B100-47CE-8B75-253965244F69}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A0636D37-97D0-4DC4-95A6-93AABA07437F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A786F51D-B3C7-4F52-91EF-E1A892C2A2AE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B5D2ED96-62F9-4C2C-956D-E425B1F67337}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D244EAC5-A0F5-4859-A1F8-18ABC0AC3A00}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D3A412E8-1E4B-47D2-9B12-F88291F5AFBB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8AF87C1-0B1E-494B-AAF0-CECC3FFEDF99}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DAFC4DAE-7794-4E16-9A98-F6001303DCD0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E65F40C8-3CEB-47C2-9E01-BF73323DF4E7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EAB77009-B974-48DF-8229-E70CFAA11C69}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EBAA6283-B61F-4DDD-9659-56635433A307}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFB0C189-5077-4340-9838-AF7B8E792A54}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFB4F034-3EB5-48D5-84DD-89BBCF9A182F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F9D45087-1CF1-452E-9649-FDFDAC578E03}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FF2EBC1C-6579-41DB-91DD-945A1C8DB2D2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\FCTB000060497
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{16FE2505-F2A0-4782-B035-AF0E5188C02C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2AF08E71-3657-462F-898C-F7E791948F94}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2CBD2A57-2FD5-4F1A-9FC8-90ED48FA4187}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{56965DCF-718F-4148-BECF-5A2B466F4556}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45DD-9B68-D6A12C30E5D7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6F99D2AE-5C90-43C2-A2FE-81DBE512E2FC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7225F6C9-CF64-4D6D-AE8A-169779FD7B4D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48DD-9B6D-7A13A3E42127}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40FD-8DAE-FF14757F60C7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467E-B8D4-7786EDA79AE0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44CF-8957-5838F569A31D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3A421C8F-E238-4AEB-8874-B8B5F2CC4772}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{60E91567-EF8A-4520-BCE2-83ABA5256799}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\CouponAlert_2pbar Uninstall
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\hblitesa
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\mywebsearch bar uninstall
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\StartNow Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{004EB151-885B-4A9E-A22D-CA98DD998D75}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{041278C7-DF92-486D-AE85-921BDFC75A43}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0F1794F2-900B-4C81-8146-9234E5CC5BE2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1116A14B-F6A3-4FD9-A00E-FF8CF270EE48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{120927BF-1700-43BC-810F-FAB92549B390}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1F52A5FA-A705-4415-B975-88503B291728}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{21D9997E-5D2A-4737-BCBA-C958C0590295}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{30B15818-E110-4527-9C05-46ACE5A3460D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{36A7148B-639E-423C-90BB-30B6E1A40BD7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E720451-B472-4954-B7AA-33069EB53906}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{56965DCF-718F-4148-BECF-5A2B466F4556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{58E64AEE-516A-4DFC-AC38-31C50E8AF0F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5F701D7D-C869-41F0-B0E2-8136F02B539C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{618AAD04-921F-44C2-BE38-C0818AF69861}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{61DAB0AD-AD23-4E40-84AC-7C6CE64D4EB3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{65D8E17B-312E-4E12-913B-A841A8631143}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6BDA50D2-5597-4C68-A842-9B857FCCDA49}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6CA3D0AB-F807-462C-BA7F-E27F07F91E32}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6F99D2AE-5C90-43C2-A2FE-81DBE512E2FC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{860AF5D1-0735-409D-8E5F-E3E99356D7E9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8997561D-CF0B-42C7-AAE6-78801B3ADC7F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{92580E8C-88F5-4551-9D9E-8147E7EE2C32}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{991AAC62-B100-47CE-8B75-253965244F69}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A0636D37-97D0-4DC4-95A6-93AABA07437F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A786F51D-B3C7-4F52-91EF-E1A892C2A2AE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B5D2ED96-62F9-4C2C-956D-E425B1F67337}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D244EAC5-A0F5-4859-A1F8-18ABC0AC3A00}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D3A412E8-1E4B-47D2-9B12-F88291F5AFBB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8AF87C1-0B1E-494B-AAF0-CECC3FFEDF99}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC4DAE-7794-4E16-9A98-F6001303DCD0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E65F40C8-3CEB-47C2-9E01-BF73323DF4E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAB77009-B974-48DF-8229-E70CFAA11C69}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EBAA6283-B61F-4DDD-9659-56635433A307}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFB0C189-5077-4340-9838-AF7B8E792A54}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFB4F034-3EB5-48D5-84DD-89BBCF9A182F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F9D45087-1CF1-452E-9649-FDFDAC578E03}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FF2EBC1C-6579-41DB-91DD-945A1C8DB2D2}
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows Media\Wmsdk\Sources [F3PopularScreenSavers]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\post platform [FunWebProducts]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]_2p.com]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{07B18EA9-A523-4961-B6BB-170DE4475CCA}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{3462C343-BE19-4143-AF70-CEFB56F46FC6}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{5911488E-9D1E-40EC-8CBB-06B231CC153F}]
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16450
[OK] Registry is clean.
-\\ Mozilla Firefox v [Unable to get version]
File : C:\Users\Zoey\AppData\Roaming\Mozilla\Firefox\Profiles\7xu7oblc.default\prefs.js
C:\Users\Zoey\AppData\Roaming\Mozilla\Firefox\Profiles\7xu7oblc.default\user.js ... Deleted !
[OK] File is clean.
-\\ Google Chrome v23.0.1271.97
File : C:\Users\Zoey\AppData\Local\Google\Chrome\User Data\Default\Preferences
Deleted [l.11] : homepage = "hxxp://search.startnow.com/s/?src=startpage&provider=&provider_name=startnow&prov[...]
Deleted [l.15] : urls_to_restore_on_startup = [ "hxxp://search.startnow.com/s/?src=startpage&provider=&prov[...]
Deleted [l.39] : icon_url = "hxxp://www.startnow.com/startnow/images/sn_favicon.ico",
Deleted [l.44] : search_url = "hxxp://search.startnow.com/s/?q={searchTerms}&src=defsearch&provider=&provider_[...]
Deleted [l.201] : homepage = "hxxp://search.startnow.com/s/?src=startpage&provider=&provider_name=startnow&provide[...]
Deleted [l.261] : urls_to_restore_on_startup = [ "hxxp://search.startnow.com/s/?src=startpage&provider=&provide[...]
*************************
AdwCleaner[S1].txt - [31680 octets] - [25/12/2012 15:41:15]
########## EOF - C:\AdwCleaner[S1].txt - [31741 octets] ##########



Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java(TM) 6 Update 21
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.97
Google Chrome plugins...
````````Process Check: objlist.exe by Laurent````````
McAfee Online Backup MOBKbackup.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````



Thanks for all your fast responses. And let me know if there is anything else. Thanks again
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,470
Ok, continue as follows....

Remove Combofix now that we're done with it
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")

  • Please follow the prompts to uninstall Combofix.
  • You will then recieve a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
The above procedure will delete the following:
  • ComboFix and its associated files and folders.
  • VundoFix backups, if present
  • The C:_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Reset System Restore.

It is very important that you get a successful uninstall because of the extra functions done at the same time, let me know if this does not happen.

Next,

Uninstall adwcleaner.exe
  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall
  • Click Yes at Would you like to Uninstall Adwcleaner

Next,

  • Download OTC by OldTimer from here http://oldtimer.geekstogo.com/OTC.exe or here http://www.itxassociates.com/OT-Tools/OTC.exe and save to your Desktop.
  • Double click
    icon to start the program.
    If you are using Vista or Windows 7 accept UAC
  • Then Click the big
    button.
  • You will get a prompt saying "Begining Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
  • This will remove tools we have used and itself.

Any tools/logs remaining on the Desktop can be deleted. Such as Security Checks

Next,
Adobe Reader is outdated...
Visit http://get.adobe.com/uk/reader/otherversions/ and download the latest version of Acrobat Reader

Step 1 - Select your Operating System.
Step 2 - Select your Langauge.
Step 3 - Select latest version.

Untick the option for McAfee security scanner if offered.

Download and install.

Having the latest updates ensures there are no security vulnerabilities in your system.

Next,

Your Java
maybe out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:

Go to http://java.com/en/ and click on "Do I have Java"
It will check your current version and then offer to update to the latest version
Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it.

***Note: Check in Programs and Features (or Add/Remove Programs if you are an XP user) to make certain there are no old versions of Java still installed, if so - remove them.

Next,

Download
TFC to your desktop, from either of the following links
http://oldtimer.geekstogo.com/TFC.exe
http://itxassociates.com/OT-Tools/TFC.exe
  • Save any open work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program. Vista or Windows 7 users accept the UAC alert.
  • If prompted, click "Yes" to reboot.
TFC will automatically close any open programs, including your Desktop. Let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. TFC may re-boot your system, if not Re-boot it yourself to complete cleaning process <---- Very Important

Keep TFC it is an excellent, run weekly utility to keep your system optimized, it empties all user temp folders, Java cache etc etc. Always remember to re-boot after a run, even if not prompted

If your security reacts against TFC either allow it or turn the security OFF whilst TFC runs....

Also make sure to get your security back up and running.

Let me know if those steps complete OK, also if any remaining isues or concerns...

Kevin....:)
 

swonkie

Thread Starter
Joined
Dec 23, 2012
Messages
8
I completed all and it seems perfect now. Thanks so much. I can't believe how easy you made this.
I was only wondering which Antivirus you recommed. I had McAfee on it, but alot of people say Windows Defender is better. Before I add one to her computer please let me know which you prefer. I truly appreciate all your help with this. Now she can get back to her school. Thanks again
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,470
On my own system I use Windows own Firewall, Microsoft Security Essentials and Malwarebytes Pro. The FW and MSE are free, Malwarebytes Pro is about £20 for a lifetime licence, auto updates and realtime protection, those all work well together.
If you Install MSE it will ask to turn on the Windows Firewall if McAfee is not currently in use.

If you have UNinstalled McAfee it is still worthwhile running a McAfee removal tool to ensure all remnants are gone..

Go Here and download the McAfee removal tool, save it to your Desktop. Double click the tool to run it, Vista or Windows 7 users right click and select "Run as Administrator" re-boot when requested to complete the task.

This my intro for MSE:

To keep safe when online you need a good Antivirus/Antspyware/Antimalware/Anti-Rootkit combination application. Microsoft Security Essentials covers all of those bases, but better still it is free. Go here http://www.microsoft.com/security_essentials/ select your Operating System, download, install and follow the prompts. Once installed it will want to update and carry out a quick scan, allow that to happen. Let me know if tit finds anything from the scan...

For Malwarebytes Pro go here http://www.malwarebytes.org/ that link will also give information...

I use and prefer FireFox as my browser, I use AdBlock Plus and Web of Trust (WOT) addons....

Let me know if you have any remaining issues or concerns, if not hit the "Mark Solved" tab at the top of the thread...

Kevin
 

swonkie

Thread Starter
Joined
Dec 23, 2012
Messages
8
Thank you for all the information. I will look into what you have now. If anything comes up I will let you know. Thanks again.
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,470
Thanks for the update, Here are some tips to reduce the potential for malware infection in the future:

Make proper use of your antivirus and firewall

Antivirus and Firewall programs are integral to your computer security. However, just having them installed isn't enough. The definitions of these programs are frequently updated to detect the latest malware, if you don't keep up with these updates then you'll be vulnerable to infection. Many antivirus and firewall programs have automatic update features, make use of those if you can. If your program doesn't, then get in the habit of routinely performing manual updates, because it's important.

You should keep your antivirus and firewall guard enabled at all times, NEVER turn them off unless there's a specific reason to do so. Also, regularly performing a full system scan with your antivirus program is a good idea to make sure you're system remains clean. Once a week should be adequate. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Install and use WinPatrol from here http://www.winpatrol.com/download.html This will inform you of any attempted unauthorized changes to your system.

WinPatrol features explained here http://www.winpatrol.com/features.html

Go here http://www.filehippo.com/updatechecker/ run the FileHippo Update Checker, update all applications as suggested by the Update Checker. Ignore any Beta updates. (Use stand alone version, not a full install)
If Java or Adobe are updated please check under Start > Control Panel > Add/Remove Programs, ensure any old versions are removed. <--- Very important

Use a safer web browser

Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a few good free alternatives:

FireFox http://www.mozilla.com/en-US/,

Opera http://www.opera.com/, and

Chrome http://www.google.com/chrome.

All of these are excellent faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial here http://www.bleepingcomputer.com/tutorials/tutorial102.html which will help you to make IE MUCH safer.

These browser add-ons will help to make your browser safer:

Web of Trust warns you about risky websites that try to scam visitors, deliver malware or send spam. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous ones:

Available for Firefox and Internet Explorer.

Green to go,
Yellow for caution, and
Red to stop.


Available for Firefox only. NoScript helps to block malicious scripts and in general gives you much better control over what types of things webpages can do to your computer while you're browsing.

These are just a couple of the most popular add-ons, if you're interested in more, take a look at this article:
http://browsers.about.com/od/addonsplugi2/tp/browser_security_privacy.htm

Here a couple of links by two security experts that will give some excellent tips and advice.

So how did I get infected in the first place by Tony Klein

How to prevent Malware by Miekiemoes

Finally this link http://www.geekstogo.com/forum/topic/38-free-antivirus-and-antispyware-software will give a comprehensive upto date list of free Security programs. To include - Antivirus, Antispyware, Firewall, Antimalware, Online scanners and rescue CD`s.

Don`t forget, the best form of defense is common sense. If you don`t recognize it, don`t open it. If something looks to good to be true, then it aint.

It was a pleasure to work with you, take care,

Kevin
 

swonkie

Thread Starter
Joined
Dec 23, 2012
Messages
8
Kevin,
I have finally been able to put the Maleware and Microsoft Essentials on the computer. I was playing with her Itunes and was trying to update it before I send her computer back. The Icon has a run as administartor icon on the side of it. I click it and it asks if I want to allow changes. I click yes and it opens but I am having trouble with it to allow me to download cds for her onto her account.
If I close Itunes and restart the whole thing with every new cd I put in it works. How come just putting in the cd like I did before doesnt let it auto play.
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,470
Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. That information was included in the Combofix instructions. If you go to the following link (which was also available within the Combofix instructions) a full explanation is given.

http://thespykiller.co.uk/index.php?page=20

If you go to this link http://support.microsoft.com/kb/967715 Scroll down to the two "Fixits" one is to disable Autorun and the other enable Autorun.....

I`d still recommend that Autorun is left disabled for protection...

Kevin...(y)
 

swonkie

Thread Starter
Joined
Dec 23, 2012
Messages
8
Thanks
I will let her know so she can decide. Hopefully she takes your recommendation since you are the one how got her computer to work again. lol..
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top