1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

FBI Warning When Using Internet

Discussion in 'Virus & Other Malware Removal' started by swonkie, Dec 23, 2012.

Thread Status:
Not open for further replies.
Advertisement
  1. swonkie

    swonkie Thread Starter

    Joined:
    Dec 23, 2012
    Messages:
    8
    Everytime I plug my laptop into the internet I get an FBI warning and it locks my computer. Even states I have to pay $200 to get it unlocked. Has my web cam showing on the page.

    Here are the Logs

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:57:57 AM, on 12/23/2012
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v9.00 (9.00.8112.16450)
    Boot mode: Normal
    Running processes:
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Users\Zoey\AppData\Local\Facebook\Update\FacebookUpdate.exe
    C:\Users\Zoey\AppData\Local\Temp\systry.exe
    C:\ProgramData\lsass.exe
    C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
    C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
    C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbrmon.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Dell Support Center\gs_agent\dsc.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Users\Zoey\Desktop\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.startnow.com/s/?src=startpage&provider=&provider_name=startnow&provider_code=&partner_id=999&product_id=10&affiliate_id=&channel=&toolbar_id=&toolbar_version=&install_country=&install_date=20120909&user_guid=4D4C7B9D74BF40A7AC7DC0C37A6F1B7B&machine_id=b7491b8a7ad1b38c11e583f84845526d&browser=IE&os=win&os_version=6.1-x64-SP0&iesrc={referrer:source}
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {7b9f8c21-46ec-4c0b-8683-e755ef84577a} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pSrcAs.dll
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
    R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: Freecause Shopping BHO - {0095C290-A428-4BDD-B98C-E0A116F1C702} - C:\Program Files (x86)\Shop to Win 9\Shop to Win 9.dll
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll (file missing)
    O2 - BHO: Toolbar BHO - {3a421c8f-e238-4aeb-8874-b8b5f2cc4772} - C:\PROGRA~2\COUPON~2\bar\1.bin\2pbar.dll
    O2 - BHO: Search Assistant BHO - {60e91567-ef8a-4520-bce2-83aba5256799} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pSrcAs.dll
    O2 - BHO: FCTBPos00Pos - {614BDA1F-9BEF-4CD1-BDE4-FA4804929B4A} - C:\Program Files (x86)\MyPoints Point Finder\Toolbar.dll
    O2 - BHO: StartNow Toolbar Helper - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
    O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL
    O3 - Toolbar: MyPoints Point Finder - {89A2510A-B4B6-4683-BEC9-1B96700BC7F1} - C:\Program Files (x86)\MyPoints Point Finder\Toolbar.dll
    O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
    O3 - Toolbar: StartNow Toolbar - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: Coupon Alert - {3462c343-be19-4143-af70-cefb56f46fc6} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
    O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
    O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~2\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [StartNowToolbarHelper] "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Coupon Alert Search Scope Monitor] "C:\PROGRA~2\COUPON~2\bar\1.bin\2psrchmn.exe" /m=2 /w /h
    O4 - HKLM\..\Run: [CouponAlert_2p Browser Plugin Loader] C:\PROGRA~2\COUPON~2\bar\1.bin\2pbrmon.exe
    O4 - HKLM\..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
    O4 - HKLM\..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Zoey\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    O4 - HKCU\..\Run: [AutoLoader] "C:\Users\Zoey\AppData\Local\Temp\systry.exe"
    O4 - HKCU\..\Run: [StartNow Search Protect] "C:\Program Files (x86)\StartNow Toolbar\search_protect.exe" /RELAY /REPORT /PROTECT
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
    O4 - Startup: ctfmon.lnk = C:\ProgramData\lsass.exe
    O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
    O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.com/static/m/cab/2.9.1.0/GarminAxControl.CAB
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/WebfettiInitialSetup1.0.1.1.cab
    O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell.com/systemprofiler/SysProExe.CAB
    O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
    O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
    O18 - Protocol: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Coupon AlertService (CouponAlert_2pService) - COMPANYVERS_NAME - C:\PROGRA~2\COUPON~2\bar\1.bin\2pbarsvc.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Activation Service (McAWFwk) - McAfee, Inc. - c:\PROGRA~1\mcafee\msc\mcawfwk.exe
    O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
    O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwssvc.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Updater Service for StartNow Toolbar - Unknown owner - C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    --
    End of file - 19223 bytes

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16450
    Run by Zoey at 11:00:27 on 2012-12-23
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3957.2485 [GMT -7:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\PROGRA~2\COUPON~2\bar\1.bin\2pbarsvc.exe
    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    C:\Windows\system32\mfevtps.exe
    C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwssvc.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
    C:\Windows\System32\vds.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Users\Zoey\AppData\Local\Facebook\Update\FacebookUpdate.exe
    C:\Users\Zoey\AppData\Local\Temp\systry.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\ProgramData\lsass.exe
    C:\Program Files\Dell\DellDock\DellDock.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
    C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
    C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbrmon.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\sppsvc.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
    C:\Program Files\Common Files\McAfee\Core\mchost.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://search.startnow.com/s/?src=startpage&provider=&provider_name=startnow&provider_code=&partner_id=999&product_id=10&affiliate_id=&channel=&toolbar_id=&toolbar_version=&install_country=&install_date=20120909&user_guid=4D4C7B9D74BF40A7AC7DC0C37A6F1B7B&machine_id=b7491b8a7ad1b38c11e583f84845526d&browser=IE&os=win&os_version=6.1-x64-SP0&iesrc={referrer:source}
    mStart Page = hxxp://www.yahoo.com
    mDefault_Page_URL = hxxp://www.yahoo.com
    uURLSearchHooks: <No Name>: {7b9f8c21-46ec-4c0b-8683-e755ef84577a} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pSrcAs.dll
    uURLSearchHooks: <No Name>: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    mWinlogon: Userinit = userinit.exe
    BHO: Shop to Win: {0095C290-A428-4BDD-B98C-E0A116F1C702} - C:\Program Files (x86)\Shop to Win 9\Shop to Win 9.dll
    BHO: MyWebSearch Search Assistant BHO: {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
    BHO: mwsBar BHO: {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -
    BHO: Toolbar BHO: {3a421c8f-e238-4aeb-8874-b8b5f2cc4772} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll
    BHO: Search Assistant BHO: {60e91567-ef8a-4520-bce2-83aba5256799} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pSrcAs.dll
    BHO: MyPoints Point Finder BHO: {614BDA1F-9BEF-4CD1-BDE4-FA4804929B4A} - C:\Program Files (x86)\MyPoints Point Finder\Toolbar.dll
    BHO: StartNow Toolbar Helper: {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -
    BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: My Web Search: {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL
    TB: MyPoints Point Finder: {89A2510A-B4B6-4683-BEC9-1B96700BC7F1} - C:\Program Files (x86)\MyPoints Point Finder\Toolbar.dll
    TB: My Web Search: {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL
    TB: MyPoints Point Finder: {89A2510A-B4B6-4683-BEC9-1B96700BC7F1} - C:\Program Files (x86)\MyPoints Point Finder\Toolbar.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
    TB: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
    TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    TB: Coupon Alert: {3462c343-be19-4143-af70-cefb56f46fc6} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [Facebook Update] "C:\Users\Zoey\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    uRun: [AutoLoader] "C:\Users\Zoey\AppData\Local\Temp\systry.exe"
    uRun: [StartNow Search Protect] "C:\Program Files (x86)\StartNow Toolbar\search_protect.exe" /RELAY /REPORT /PROTECT
    mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
    mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
    mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~2\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
    mRun: [MyWebSearch Email Plugin] C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwsoemon.exe
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    mRun: [StartNowToolbarHelper] "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun: [Coupon Alert Search Scope Monitor] "C:\PROGRA~2\COUPON~2\bar\1.bin\2psrchmn.exe" /m=2 /w /h
    mRun: [CouponAlert_2p Browser Plugin Loader] C:\PROGRA~2\COUPON~2\bar\1.bin\2pbrmon.exe
    mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
    mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
    StartupFolder: C:\Users\Zoey\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ctfmon.lnk - C:\ProgramData\lsass.exe
    StartupFolder: C:\Users\Zoey\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} -
    DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.9.1.0/GarminAxControl.CAB
    DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/WebfettiInitialSetup1.0.1.1.cab
    DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
    DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
    DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
    TCP: NameServer = 8.8.8.8 8.8.4.4 209.55.27.13
    TCP: Interfaces\{2C6F3732-4F78-4B63-9BAC-1C4A7D108AE2}\3454D454 : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{2C6F3732-4F78-4B63-9BAC-1C4A7D108AE2}\4516E616765627 : DHCPNameServer = 68.87.85.102 68.87.69.150
    TCP: Interfaces\{2C6F3732-4F78-4B63-9BAC-1C4A7D108AE2}\46C696E6B6 : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{2C6F3732-4F78-4B63-9BAC-1C4A7D108AE2}\54675627563747F53547574656E647 : DHCPNameServer = 10.32.81.10 10.32.81.11 4.2.2.2
    TCP: Interfaces\{D4416374-0BFF-43ED-B186-623D341280F3} : DHCPNameServer = 8.8.8.8 8.8.4.4 209.55.27.13
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    x64-BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
    x64-Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe
    x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - <orphaned>
    x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2011-3-13 752672]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-9-11 55280]
    R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2012-1-26 335784]
    R2 CouponAlert_2pService;Coupon AlertService;C:\PROGRA~2\COUPON~2\bar\1.bin\2pbarsvc.exe [2012-3-9 42504]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-10-3 201304]
    R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-10-3 201304]
    R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-10-3 201304]
    R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-10-3 201304]
    R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2012-1-26 237920]
    R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2012-1-26 218320]
    R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2012-1-26 177144]
    R2 MyWebSearchService;My Web Search Service;C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwssvc.exe [2010-9-23 28762]
    R2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [2012-6-22 265952]
    R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2012-1-26 69672]
    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2010-9-11 172704]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-7-22 56344]
    R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2012-1-26 300392]
    R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2012-1-26 513456]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-7-22 239616]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-15 183560]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-6-23 48488]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
    S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2012-10-3 196440]
    S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2012-1-26 225216]
    S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2012-1-26 106112]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-7-22 220672]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-8-2 51712]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-9-17 1255736]
    S4 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-7-22 98208]
    S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-7-22 202752]
    S4 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
    S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-10-3 201304]
    S4 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-9-11 705856]
    S4 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-9-11 2320920]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2012-12-23 18:34:36 -------- d-----w- C:\Users\Zoey\AppData\Local\{3A2609B5-C100-443C-96E8-DCD5885C6EF0}
    2012-12-23 17:57:48 -------- d-----w- C:\Users\Zoey\AppData\Local\{2A152FC8-BD35-4D18-8FE6-EEB39011D923}
    2012-12-23 17:39:47 -------- d-----w- C:\Users\Zoey\AppData\Local\{8AB53EF1-1587-4B01-B290-8F96EB2C542E}
    2012-12-20 03:50:16 -------- d-----w- C:\Users\Zoey\AppData\Local\{10454D9F-9B22-4D0F-8C16-FE3D6AE5E984}
    2012-12-07 20:14:19 -------- d-----w- C:\Users\Zoey\AppData\Local\{B086BB2B-21D9-4723-BDCB-8F1C96428F7C}
    .
    ==================== Find3M ====================
    .
    2012-10-27 23:39:50 44544 ----a-w- C:\ProgramData\lsass.exe
    .
    ============= FINISH: 11:02:46.90 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 9/16/2010 5:49:11 PM
    System Uptime: 12/23/2012 10:55:40 AM (1 hours ago)
    .
    Motherboard: Dell Inc. | | 0H4K11
    Processor: Intel(R) Core(TM) i3 CPU M 350 @ 2.27GHz | U2E1 | 1722/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 451 GiB total, 389.688 GiB free.
    D: is CDROM ()
    E: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP119: 9/20/2012 12:23:46 AM - Scheduled Checkpoint
    RP120: 9/21/2012 2:08:40 PM - Windows Update
    RP121: 10/9/2012 6:55:29 PM - Scheduled Checkpoint
    RP122: 10/10/2012 11:34:01 AM - Windows Update
    RP123: 10/21/2012 4:13:54 PM - Scheduled Checkpoint
    RP124: 12/7/2012 3:15:45 PM - Scheduled Checkpoint
    RP125: 12/8/2012 6:42:49 PM - Restore Operation
    .
    ==== Installed Programs ======================
    .
    Accidental Damage Services Agreement
    Adobe Flash Player 11 ActiveX
    Adobe Reader 9.4.1
    Adobe Shockwave Player
    Advanced Audio FX Engine
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ATI Catalyst Control Center
    Banctec Service Agreement
    Bing Bar
    Bing Rewards Client Installer
    Bonjour
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Complete Care Business Service Agreement
    Consumer In-Home Service Agreement
    Coupon Printer for Windows
    CouponAlert Toolbar
    Cozi
    D3DX10
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Dell DataSafe Local Backup
    Dell DataSafe Local Backup - Support Software
    Dell DataSafe Online
    Dell Dock
    Dell Edoc Viewer
    Dell Home Systems Service Agreement
    Dell Support Center (Support Software)
    Dell Touchpad
    Dell Webcam Central
    Dell Wireless WLAN Card Utility
    EA SPORTS online 2008
    EpicPlay
    Facebook Video Calling 1.2.0.287
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    GoToAssist 8.0.0.514
    Hotbar
    HP Deskjet 1000 J110 series Basic Device Software
    HP Deskjet 1000 J110 series Help
    HP Deskjet 1000 J110 series Product Improvement Study
    HP Photo Creations
    HP Update
    Intel(R) Management Engine Components
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 20 (64-bit)
    Java(TM) 6 Update 21
    Junk Mail filter update
    LG USB Modem driver
    Live! Cam Avatar Creator
    LPDR
    LPDR Flite
    McAfee Internet Security
    Mesh Runtime
    Messenger Companion
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft IntelliPoint 8.0
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Home and Student 2010
    Microsoft Office Office 64-bit Components 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared 64-bit MUI (English) 2010
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Single Image 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft UI Engine
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    MobileMe Control Panel
    MSVCRT
    MSVCRT_amd64
    My Web Search (Webfetti)
    MyPoints Point Finder
    PDFCreator
    PowerDVD DX
    Premium Service Agreement
    QualxServ Service Agreement
    Quickset64
    QuickTime
    Realtek High Definition Audio Driver
    Roxio Burn
    Safari
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
    Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition
    Shared C Run-time for x64
    Shop To Win
    Skins
    Skype Toolbars
    StartNow Toolbar
    Tiger Woods PGA TOUR 08
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    WildTangent Games
    Windows Codec Pack
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    .
    ==== End Of File ===========================

    Gmer didnt find anything. Stated no modifications found,

    Thank you in advance for any help you can give me.
     
  2. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from the following link :-

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    • Ensure that Combofix is saved directly to the Desktop <--- Very important
    • Disable all security programs as they will have a negative effect on Combofix, instructions available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed, if you need more help please ask.
    • Close any open browsers and any other programs you might have running
    • Double click the [​IMG] icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator)
    • Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.
    • If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
    • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autoruns is recommended.

    *EXTRA NOTES*
    • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
    • If Combofix reboot's due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
    • If after running Combofix you receive any type of warning message about registry key's being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

    Post the log in next reply please...

    Kevin
     
  3. swonkie

    swonkie Thread Starter

    Joined:
    Dec 23, 2012
    Messages:
    8
    I couldnt get McAfee to shut off so I deleted it. It was expiring soon so I will purchase new.

    Here are the logs from ComboFix:

    ComboFix 12-12-23.01 - Zoey 12/24/2012 9:46.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3957.2972 [GMT -7:00]
    Running from: c:\users\Zoey\Desktop\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
    FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\CouponAlert_2p
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pauxstb.dll
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pbarsvc.exe
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pbrmon.exe
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pbrstub.dll
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pdatact.dll
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pdlghk.dll
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pdyn.dll
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pfeedmg.dll
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\2phighin.exe
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\2phkstub.dll
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\2phtml.dll
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\2phtmlmu.dll
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\2phttpct.dll
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pidle.dll
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pieovr.dll
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pimpipe.exe
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pmedint.exe
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pmlbtn.dll
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pmsg.dll
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pPlugin.dll
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pradio.dll
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pregfft.dll
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\2preghk.dll
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pregiet.dll
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pscript.dll
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pskin.dll
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\2psknlcr.dll
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pskplay.exe
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pSrcAs.dll
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pSrchMn.exe
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\2ptpinst.dll
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\2puabtn.dll
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\CHROME.MANIFEST
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\chrome\2pffxtbr.jar
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\INSTALL.RDF
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\installKeys.js
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\LOGO.BMP
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\NP2pStub.dll
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\T8RES.DLL
    c:\program files (x86)\CouponAlert_2p\bar\gen1\COMMON.T8S
    c:\program files (x86)\CouponAlert_2p\bar\IE9Mesg\COMMON.T8S
    c:\program files (x86)\CouponAlert_2p\bar\Message\COMMON.T8S
    c:\program files (x86)\CouponAlert_2p\bar\Settings\s_pid.dat
    c:\program files (x86)\FunWebProducts
    c:\program files (x86)\HBLite
    c:\program files (x86)\HBLite\bin\11.0.264.0\firefox\extensions\chrome.manifest
    c:\program files (x86)\HBLite\bin\11.0.264.0\firefox\extensions\install.rdf
    c:\program files (x86)\MyWebSearch
    c:\program files (x86)\MyWebSearch\bar\1.bin\CHROME.MANIFEST
    c:\program files (x86)\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JAR
    c:\program files (x86)\MyWebSearch\bar\1.bin\F3BKGERR.JPG
    c:\program files (x86)\MyWebSearch\bar\1.bin\F3CJpeg.dll
    c:\program files (x86)\MyWebSearch\bar\1.bin\F3DTactl.dll
    c:\program files (x86)\MyWebSearch\bar\1.bin\F3HISTSW.DLL
    c:\program files (x86)\MyWebSearch\bar\1.bin\F3HKSTUB.DLL
    c:\program files (x86)\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
    c:\program files (x86)\MyWebSearch\bar\1.bin\F3HTtpct.dll
    c:\program files (x86)\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
    c:\program files (x86)\MyWebSearch\bar\1.bin\F3POPSWT.DLL
    c:\program files (x86)\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
    c:\program files (x86)\MyWebSearch\bar\1.bin\F3REGHK.DLL
    c:\program files (x86)\MyWebSearch\bar\1.bin\F3REPROX.DLL
    c:\program files (x86)\MyWebSearch\bar\1.bin\F3RESTUB.DLL
    c:\program files (x86)\MyWebSearch\bar\1.bin\F3SCHMON.EXE
    c:\program files (x86)\MyWebSearch\bar\1.bin\F3SCrctr.dll
    c:\program files (x86)\MyWebSearch\bar\1.bin\F3SPACER.WMV
    c:\program files (x86)\MyWebSearch\bar\1.bin\F3WALLPP.DAT
    c:\program files (x86)\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
    c:\program files (x86)\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
    c:\program files (x86)\MyWebSearch\bar\1.bin\INSTALL.RDF
    c:\program files (x86)\MyWebSearch\bar\1.bin\M3AUXSTB.DLL
    c:\program files (x86)\MyWebSearch\bar\1.bin\M3DLGHK.DLL
    c:\program files (x86)\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
    c:\program files (x86)\MyWebSearch\bar\1.bin\M3HTML.DLL
    c:\program files (x86)\MyWebSearch\bar\1.bin\M3IDLE.DLL
    c:\program files (x86)\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
    c:\program files (x86)\MyWebSearch\bar\1.bin\M3MEDINT.EXE
    c:\program files (x86)\MyWebSearch\bar\1.bin\M3MSG.DLL
    c:\program files (x86)\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
    c:\program files (x86)\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
    c:\program files (x86)\MyWebSearch\bar\1.bin\M3SKIN.DLL
    c:\program files (x86)\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
    c:\program files (x86)\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
    c:\program files (x86)\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
    c:\program files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL
    c:\program files (x86)\MyWebSearch\bar\1.bin\MWSMLBTN.DLL
    c:\program files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    c:\program files (x86)\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
    c:\program files (x86)\MyWebSearch\bar\1.bin\MWSOESTB.DLL
    c:\program files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
    c:\program files (x86)\MyWebSearch\bar\1.bin\MWSSVC.EXE
    c:\program files (x86)\MyWebSearch\bar\1.bin\MWSUABTN.DLL
    c:\program files (x86)\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
    c:\program files (x86)\MyWebSearch\bar\Avatar\COMMON.F3S
    c:\program files (x86)\MyWebSearch\bar\Game\CHECKERS.F3S
    c:\program files (x86)\MyWebSearch\bar\Game\CHESS.F3S
    c:\program files (x86)\MyWebSearch\bar\Game\REVERSI.F3S
    c:\program files (x86)\MyWebSearch\bar\icons\CM.ICO
    c:\program files (x86)\MyWebSearch\bar\icons\MFC.ICO
    c:\program files (x86)\MyWebSearch\bar\icons\PSS.ICO
    c:\program files (x86)\MyWebSearch\bar\icons\SMILEY.ICO
    c:\program files (x86)\MyWebSearch\bar\icons\WB.ICO
    c:\program files (x86)\MyWebSearch\bar\icons\ZWINKY.ICO
    c:\program files (x86)\MyWebSearch\bar\Message\COMMON.F3S
    c:\program files (x86)\MyWebSearch\bar\Notifier\COMMON.F3S
    c:\program files (x86)\MyWebSearch\bar\Notifier\DOG.F3S
    c:\program files (x86)\MyWebSearch\bar\Notifier\FISH.F3S
    c:\program files (x86)\MyWebSearch\bar\Notifier\KUNGFU.F3S
    c:\program files (x86)\MyWebSearch\bar\Notifier\LIFEGARD.F3S
    c:\program files (x86)\MyWebSearch\bar\Notifier\MAID.F3S
    c:\program files (x86)\MyWebSearch\bar\Notifier\MAILBOX.F3S
    c:\program files (x86)\MyWebSearch\bar\Notifier\OPERA.F3S
    c:\program files (x86)\MyWebSearch\bar\Notifier\ROBOT.F3S
    c:\program files (x86)\MyWebSearch\bar\Notifier\SEDUCT.F3S
    c:\program files (x86)\MyWebSearch\bar\Notifier\SURFER.F3S
    c:\program files (x86)\MyWebSearch\bar\Overlay\COMMON.F3S
    c:\program files (x86)\MyWebSearch\bar\Settings\s_pid.dat
    c:\program files (x86)\Shop to Win
    c:\program files (x86)\Shop to Win\InstallNotifier.exe
    c:\program files (x86)\Shop to Win\unins000.dat
    c:\program files (x86)\Shop to Win\unins000.exe
    c:\program files (x86)\StartNow Toolbar
    c:\program files (x86)\StartNow Toolbar\Reactivate.exe
    c:\program files (x86)\StartNow Toolbar\Resources\images\engine_images.png
    c:\program files (x86)\StartNow Toolbar\Resources\images\engine_maps.png
    c:\program files (x86)\StartNow Toolbar\Resources\images\engine_news.png
    c:\program files (x86)\StartNow Toolbar\Resources\images\engine_videos.png
    c:\program files (x86)\StartNow Toolbar\Resources\images\engine_web.png
    c:\program files (x86)\StartNow Toolbar\Resources\images\icon_amazon.png
    c:\program files (x86)\StartNow Toolbar\Resources\images\icon_ebay.png
    c:\program files (x86)\StartNow Toolbar\Resources\images\icon_facebook.png
    c:\program files (x86)\StartNow Toolbar\Resources\images\icon_games.png
    c:\program files (x86)\StartNow Toolbar\Resources\images\icon_msn.png
    c:\program files (x86)\StartNow Toolbar\Resources\images\icon_shopping.png
    c:\program files (x86)\StartNow Toolbar\Resources\images\icon_travel.png
    c:\program files (x86)\StartNow Toolbar\Resources\images\icon_twitter.png
    c:\program files (x86)\StartNow Toolbar\Resources\images\startnow_logo.png
    c:\program files (x86)\StartNow Toolbar\Resources\installer.xml
    c:\program files (x86)\StartNow Toolbar\Resources\skin\chevron_button.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_background.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_left.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\separator.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\splitter.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
    c:\program files (x86)\StartNow Toolbar\Resources\toolbar.xml
    c:\program files (x86)\StartNow Toolbar\Resources\update.xml
    c:\program files (x86)\StartNow Toolbar\search_protect.exe
    c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
    c:\program files (x86)\StartNow Toolbar\Toolbar32.dll
    c:\program files (x86)\StartNow Toolbar\ToolbarBroker.exe
    c:\program files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
    c:\program files (x86)\StartNow Toolbar\uninstall.dat
    c:\program files (x86)\StartNow Toolbar\XBrowser.dll
    c:\programdata\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
    c:\programdata\dsgsdgdsgdsgw.pad
    c:\programdata\HBLiteSA
    c:\programdata\HBLiteSA\HBLiteSA.dat
    c:\programdata\HBLiteSA\HBLiteSA_kyf.dat
    c:\programdata\HBLiteSA\HBLiteSAAbout.mht
    c:\programdata\HBLiteSA\HBLiteSAau.dat
    c:\programdata\HBLiteSA\HBLiteSAEULA.mht
    c:\programdata\LoJackNotifier.txt
    c:\programdata\lsass.exe
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\About Hotbar.lnk
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\Hotbar Customer Support Center.lnk
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\Hotbar Uninstall Instructions.lnk
    c:\users\Zoey\AppData\Local\Microsoft\Windows\Temporary Internet Files\{2F7CA29F-2CED-4CF4-85E7-67FE92E3ECF7}.xps
    c:\users\Zoey\AppData\Local\Microsoft\Windows\Temporary Internet Files\{5D3FE193-96E4-4601-9AD8-8BB1F0E6BDAD}.xps
    c:\users\Zoey\AppData\Local\Microsoft\Windows\Temporary Internet Files\{7C447536-E387-4806-BC9D-1B5B1EA45CE2}.xps
    c:\users\Zoey\AppData\Local\Microsoft\Windows\Temporary Internet Files\{B61BE594-8347-47F1-A1C2-19805A7AB9E1}.xps
    c:\users\Zoey\AppData\Roaming\HBLite
    c:\users\Zoey\AppData\Roaming\Install.dat
    c:\users\Zoey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
    c:\users\Zoey\GoToAssistDownloadHelper.exe
    c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
    c:\windows\SysWow64\f3PSSavr.scr
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_CouponAlert_2pService
    -------\Service_MyWebSearchService
    -------\Service_Updater Service for StartNow Toolbar
    -------\Service_Updater Service for StartNow Toolbar
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-11-24 to 2012-12-24 )))))))))))))))))))))))))))))))
    .
    .
    2012-12-24 16:56 . 2012-12-24 16:56 -------- d-----w- c:\users\Default\AppData\Local\temp
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-10-10 17:37 . 2010-09-17 20:28 65309168 ----a-w- c:\windows\system32\MRT.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0095C290-A428-4BDD-B98C-E0A116F1C702}]
    2010-12-29 18:20 14432 ----a-w- c:\program files (x86)\Shop to Win 9\Shop to Win 9.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{614BDA1F-9BEF-4CD1-BDE4-FA4804929B4A}]
    2010-09-30 00:22 1515008 ----a-w- c:\program files (x86)\MyPoints Point Finder\Toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{89A2510A-B4B6-4683-BEC9-1B96700BC7F1}"= "c:\program files (x86)\MyPoints Point Finder\Toolbar.dll" [2010-09-30 1515008]
    .
    [HKEY_CLASSES_ROOT\clsid\{89a2510a-b4b6-4683-bec9-1b96700bc7f1}]
    [HKEY_CLASSES_ROOT\FCTB000060497.IEToolbar.3]
    [HKEY_CLASSES_ROOT\TypeLib\{061ED138-E065-4356-82AA-578F7F1EEAF1}]
    [HKEY_CLASSES_ROOT\FCTB000060497.IEToolbar]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Facebook Update"="c:\users\Zoey\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-22 98304]
    "PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
    "Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
    "Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
    "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
    "DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
    "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2010-10-03 560128]
    "Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2011-01-13 165184]
    .
    c:\users\Zoey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R2 0090911356367384mcinstcleanup;McAfee Application Installer Cleanup (0090911356367384);c:\users\Zoey\AppData\Local\Temp\009091~1.EXE [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-16 183560]
    R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2010-07-01 51600]
    R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2010-07-21 45456]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-17 220672]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-03 51712]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-17 1255736]
    R4 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
    R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-01-22 202752]
    R4 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
    R4 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856]
    R4 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2320920]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
    S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-20 239616]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-12-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-412875962-3660707953-878319841-1000Core.job
    - c:\users\Zoey\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-08 21:45]
    .
    2012-12-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-412875962-3660707953-878319841-1000UA.job
    - c:\users\Zoey\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-08 21:45]
    .
    2012-12-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-10 07:09]
    .
    2012-12-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-10 07:09]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-06-04 392048]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-03 10038304]
    "Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://search.startnow.com/s/?src=startpage&provider=&provider_name=startnow&provider_code=&partner_id=999&product_id=10&affiliate_id=&channel=&toolbar_id=&toolbar_version=&install_country=&install_date=20120909&user_guid=4D4C7B9D74BF40A7AC7DC0C37A6F1B7B&machine_id=b7491b8a7ad1b38c11e583f84845526d&browser=IE&os=win&os_version=6.1-x64-SP0&iesrc={referrer:source}
    mDefault_Page_URL = hxxp://www.yahoo.com
    mStart Page = hxxp://www.yahoo.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 8.8.8.8 8.8.4.4 209.55.27.13
    DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.9.1.0/GarminAxControl.CAB
    DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/WebfettiInitialSetup1.0.1.1.cab
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{00A6FAF1-072E-44cf-8957-5838F569A31D} - c:\program files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
    BHO-{07B18EA1-A523-4961-B6BB-170DE4475CCA} - c:\program files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL
    BHO-{3a421c8f-e238-4aeb-8874-b8b5f2cc4772} - c:\progra~2\COUPON~2\bar\1.bin\2pbar.dll
    BHO-{60e91567-ef8a-4520-bce2-83aba5256799} - c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pSrcAs.dll
    BHO-{6E13D095-45C3-4271-9475-F3B48227DD9F} - c:\program files (x86)\StartNow Toolbar\Toolbar32.dll
    Toolbar-Locked - (no file)
    Toolbar-{07B18EA9-A523-4961-B6BB-170DE4475CCA} - c:\program files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL
    Toolbar-{5911488E-9D1E-40ec-8CBB-06B231CC153F} - c:\program files (x86)\StartNow Toolbar\Toolbar32.dll
    Toolbar-{3462c343-be19-4143-af70-cefb56f46fc6} - c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll
    Wow6432Node-HKCU-Run-StartNow Search Protect - c:\program files (x86)\StartNow Toolbar\search_protect.exe
    Wow6432Node-HKLM-Run-My Web Search Bar Search Scope Monitor - c:\progra~2\MYWEBS~1\bar\1.bin\m3SrchMn.exe
    Wow6432Node-HKLM-Run-MyWebSearch Email Plugin - c:\progra~2\MYWEBS~1\bar\1.bin\mwsoemon.exe
    Wow6432Node-HKLM-Run-StartNowToolbarHelper - c:\program files (x86)\StartNow Toolbar\ToolbarHelper.exe
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    Wow6432Node-HKLM-Run-Coupon Alert Search Scope Monitor - c:\progra~2\COUPON~2\bar\1.bin\2psrchmn.exe
    Wow6432Node-HKLM-Run-CouponAlert_2p Browser Plugin Loader - c:\progra~2\COUPON~2\bar\1.bin\2pbrmon.exe
    Toolbar-Locked - (no file)
    WebBrowser-{89A2510A-B4B6-4683-BEC9-1B96700BC7F1} - (no file)
    AddRemove-82A44D22-9452-49FB-00FB-CEC7DCAF7E23 - c:\program files (x86)\EA SPORTS\EA SPORTS online\EASOUNInstaller.exe
    AddRemove-Adobe Shockwave Player - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE
    AddRemove-EpicPlay - c:\program files (x86)\EpicPlay\epicRemoval.exe
    AddRemove-HBLiteSA - c:\program files (x86)\HBLite\bin\11.0.264.0\HBLiteUninstaller.exe
    AddRemove-StartNow Toolbar - c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
    AddRemove-{F5FB599D-2C5C-4A5F-B8CD-9B7AAD13F80A}_is1 - c:\program files (x86)\Shop To Win\unins000.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-412875962-3660707953-878319841-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-412875962-3660707953-878319841-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
    c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
    .
    **************************************************************************
    .
    Completion time: 2012-12-24 10:10:49 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-12-24 17:10
    .
    Pre-Run: 418,507,485,184 bytes free
    Post-Run: 418,299,854,848 bytes free
    .
    - - End Of File - - BFC63DCFC4AC055CFBDBA7472C679471


    Thanks for all you help. I am very thankful for help with this.
     
  4. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the Codebox below into it:

    Code:
    ClearJavaCache::
    Folder::
    c:\program files (x86)\Shop to Win 9
    c:\program files (x86)\MyPoints Point Finder
    Rgistry::
    [-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0095C290-A428-4BDD-B98C-E0A116F1C702}]
    [-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{614BDA1F-9BEF-4CD1-BDE4-FA4804929B4A}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{89A2510A-B4B6-4683-BEC9-1B96700BC7F1}"=-
    [-HKEY_CLASSES_ROOT\clsid\{89a2510a-b4b6-4683-bec9-1b96700bc7f1}]
    [-HKEY_CLASSES_ROOT\FCTB000060497.IEToolbar.3]
    [-HKEY_CLASSES_ROOT\TypeLib\{061ED138-E065-4356-82AA-578F7F1EEAF1}]
    [-HKEY_CLASSES_ROOT\FCTB000060497.IEToolbar]
    DDS::
    uStart Page = hxxp://search.startnow.com/s/?src=startpage&provider=&provider_name=startnow&provider_code=&partner_id=9 99&product_id=10&affiliate_id=&channel=&toolbar_id=&toolbar_version=&instal l_country=&install_date=20120909&user_guid=4D4C7B9D74BF40A7AC7DC0C37A6F1B7B &machine_id=b7491b8a7ad1b38c11e583f84845526d&browser=IE&os=win&os_version=6 .1-x64-SP0&iesrc={referrer:source}
    
    Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe

    [​IMG]

    [​IMG]

    Refering to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

    Next,

    Run Eset Online Scanner

    **Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

    Go Eset web page http://www.eset.com/home/products/online-scanner/ to run an online scanner from ESET.

    • Turn off the real time scanner of any existing antivirus program while performing the online scan
    • click on the Run ESET Online Scanner button
    • Tick the box next to YES, I accept the Terms of Use.
      Click Start
    • When asked, allow the add/on to be installed
      Click Start
    • Make sure that the option Remove found threats is unticked
    • Click on Advanced Settings, ensure the options
    • Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
      Click Scan
    • wait for the virus definitions to be downloaded
    • Wait for the scan to finish
    When the scan is complete

    • If no threats were found
    • put a checkmark in "Uninstall application on close"
    • close program
    • report to me that nothing was found
    If threats were found

    • click on "list of threats found"
    • click on "export to text file" and save it as ESET SCAN and save to the desktop
    • Click on back
    • put a checkmark in "Uninstall application on close"
    • click on finish
    close program
    copy and paste the report here

    Post those two logs, also give an update on any remaining issues or concerns..

    Kevin...:)
     
  5. swonkie

    swonkie Thread Starter

    Joined:
    Dec 23, 2012
    Messages:
    8
    I have both logs you have asked. Had to work on the first one a little. I unplugged the internet and plugged it back in and worked. Thank goodness. I am so glad you guys are so easy to walk thru all this.

    ComboFix 12-12-23.01 - Zoey 12/24/2012 16:38:38.2.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3957.2099 [GMT -7:00]
    Running from: c:\users\Zoey\Desktop\ComboFix.exe
    Command switches used :: c:\users\Zoey\Desktop\CFScript.txt
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\MyPoints Point Finder
    c:\program files (x86)\MyPoints Point Finder\aboutTabs.7.js
    c:\program files (x86)\MyPoints Point Finder\aboutTabs.8.js
    c:\program files (x86)\MyPoints Point Finder\audio.bmp
    c:\program files (x86)\MyPoints Point Finder\banner_container.html
    c:\program files (x86)\MyPoints Point Finder\blockcursor.cur
    c:\program files (x86)\MyPoints Point Finder\blocksound.wav
    c:\program files (x86)\MyPoints Point Finder\bookmark_off.bmp
    c:\program files (x86)\MyPoints Point Finder\bookmark_on.bmp
    c:\program files (x86)\MyPoints Point Finder\bookmarksplugin.dll
    c:\program files (x86)\MyPoints Point Finder\bubble_permissions.html
    c:\program files (x86)\MyPoints Point Finder\build
    c:\program files (x86)\MyPoints Point Finder\caching_banner.html
    c:\program files (x86)\MyPoints Point Finder\chevron.bmp
    c:\program files (x86)\MyPoints Point Finder\component.xsl
    c:\program files (x86)\MyPoints Point Finder\default.xml
    c:\program files (x86)\MyPoints Point Finder\efolder.bmp
    c:\program files (x86)\MyPoints Point Finder\email.bmp
    c:\program files (x86)\MyPoints Point Finder\email2.bmp
    c:\program files (x86)\MyPoints Point Finder\emailchecker_plugin.dll
    c:\program files (x86)\MyPoints Point Finder\facebook.feature
    c:\program files (x86)\MyPoints Point Finder\fbrss.xsl
    c:\program files (x86)\MyPoints Point Finder\ff.xsl
    c:\program files (x86)\MyPoints Point Finder\folder.bmp
    c:\program files (x86)\MyPoints Point Finder\Helper.dll
    c:\program files (x86)\MyPoints Point Finder\icons.bmp
    c:\program files (x86)\MyPoints Point Finder\iefavelem.bmp
    c:\program files (x86)\MyPoints Point Finder\ImageConversion.dll
    c:\program files (x86)\MyPoints Point Finder\images\amazon.bmp
    c:\program files (x86)\MyPoints Point Finder\images\ebay.bmp
    c:\program files (x86)\MyPoints Point Finder\images\email.bmp
    c:\program files (x86)\MyPoints Point Finder\images\email2.bmp
    c:\program files (x86)\MyPoints Point Finder\images\msgbox\down.gif
    c:\program files (x86)\MyPoints Point Finder\images\msgbox\hr.bmp
    c:\program files (x86)\MyPoints Point Finder\images\msgbox\mark.png
    c:\program files (x86)\MyPoints Point Finder\images\msgbox\mark_do.png
    c:\program files (x86)\MyPoints Point Finder\images\msgbox\mark_na.png
    c:\program files (x86)\MyPoints Point Finder\images\msgbox\navbg.bmp
    c:\program files (x86)\MyPoints Point Finder\images\msgbox\refresh.png
    c:\program files (x86)\MyPoints Point Finder\images\msgbox\refresh_do.png
    c:\program files (x86)\MyPoints Point Finder\images\msgbox\refresh_na.png
    c:\program files (x86)\MyPoints Point Finder\images\msgbox\trash.png
    c:\program files (x86)\MyPoints Point Finder\images\msgbox\trash_do.png
    c:\program files (x86)\MyPoints Point Finder\images\msgbox\trash_na.png
    c:\program files (x86)\MyPoints Point Finder\images\msgbox\unmark.png
    c:\program files (x86)\MyPoints Point Finder\images\msgbox\unmark_do.png
    c:\program files (x86)\MyPoints Point Finder\images\msgbox\unmark_na.png
    c:\program files (x86)\MyPoints Point Finder\images\msgbox\up.gif
    c:\program files (x86)\MyPoints Point Finder\images\ticker\left.gif
    c:\program files (x86)\MyPoints Point Finder\images\ticker\right.gif
    c:\program files (x86)\MyPoints Point Finder\images\weather\0.bmp
    c:\program files (x86)\MyPoints Point Finder\images\weather\1.bmp
    c:\program files (x86)\MyPoints Point Finder\images\weather\10.bmp
    c:\program files (x86)\MyPoints Point Finder\images\weather\11.bmp
    c:\program files (x86)\MyPoints Point Finder\images\weather\12.bmp
    c:\program files (x86)\MyPoints Point Finder\images\weather\13.bmp
    c:\program files (x86)\MyPoints Point Finder\images\weather\14.bmp
    c:\program files (x86)\MyPoints Point Finder\images\weather\15.bmp
    c:\program files (x86)\MyPoints Point Finder\images\weather\16.bmp
    c:\program files (x86)\MyPoints Point Finder\images\weather\17.bmp
    c:\program files (x86)\MyPoints Point Finder\images\weather\18.bmp
    c:\program files (x86)\MyPoints Point Finder\images\weather\19.bmp
    c:\program files (x86)\MyPoints Point Finder\images\weather\2.bmp
    c:\program files (x86)\MyPoints Point Finder\images\weather\20.bmp
    c:\program files (x86)\MyPoints Point Finder\images\weather\21.bmp
    c:\program files (x86)\MyPoints Point Finder\images\weather\22.bmp
    c:\program files (x86)\MyPoints Point Finder\images\weather\23.bmp
    c:\program files (x86)\MyPoints Point Finder\images\weather\24.bmp
    c:\program files (x86)\MyPoints Point Finder\images\weather\25.bmp
    c:\program files (x86)\MyPoints Point Finder\images\weather\26.bmp
    c:\program files (x86)\MyPoints Point Finder\images\weather\27.bmp
    c:\program files (x86)\MyPoints Point Finder\images\weather\28.bmp
    c:\program files (x86)\MyPoints Point Finder\images\weather\29.bmp
    c:\program files (x86)\MyPoints Point Finder\images\weather\3.bmp
    c:\program files (x86)\MyPoints Point Finder\images\weather\30.bmp
    c:\program files (x86)\MyPoints Point Finder\images\weather\31.bmp
    c:\program files (x86)\MyPoints Point Finder\images\weather\32.bmp
    c:\program files (x86)\MyPoints Point Finder\images\weather\33.bmp
    c:\program files (x86)\MyPoints Point Finder\images\weather\34.bmp
    c:\program files (x86)\MyPoints Point Finder\images\weather\35.bmp
    c:\program files (x86)\MyPoints Point Finder\images\weather\36.bmp
    c:\program files (x86)\MyPoints Point Finder\images\weather\37.bmp
    c:\program files (x86)\MyPoints Point Finder\images\weather\38.bmp
    c:\program files (x86)\MyPoints Point Finder\images\weather\39.bmp
    c:\program files (x86)\MyPoints Point Finder\images\weather\4.bmp
    c:\program files (x86)\MyPoints Point Finder\images\weather\40.bmp
    c:\program files (x86)\MyPoints Point Finder\images\weather\41.bmp
    c:\program files (x86)\MyPoints Point Finder\images\weather\42.bmp
    c:\program files (x86)\MyPoints Point Finder\images\weather\43.bmp
    c:\program files (x86)\MyPoints Point Finder\images\weather\44.bmp
    c:\program files (x86)\MyPoints Point Finder\images\weather\45.bmp
    c:\program files (x86)\MyPoints Point Finder\images\weather\46.bmp
    c:\program files (x86)\MyPoints Point Finder\images\weather\47.bmp
    c:\program files (x86)\MyPoints Point Finder\images\weather\5.bmp
    c:\program files (x86)\MyPoints Point Finder\images\weather\6.bmp
    c:\program files (x86)\MyPoints Point Finder\images\weather\7.bmp
    c:\program files (x86)\MyPoints Point Finder\images\weather\8.bmp
    c:\program files (x86)\MyPoints Point Finder\images\weather\9.bmp
    c:\program files (x86)\MyPoints Point Finder\images\weather\hr.bmp
    c:\program files (x86)\MyPoints Point Finder\images\weather\na.bmp
    c:\program files (x86)\MyPoints Point Finder\images\weather\png\0.png
    c:\program files (x86)\MyPoints Point Finder\images\weather\png\1.png
    c:\program files (x86)\MyPoints Point Finder\images\weather\png\10.png
    c:\program files (x86)\MyPoints Point Finder\images\weather\png\11.png
    c:\program files (x86)\MyPoints Point Finder\images\weather\png\12.png
    c:\program files (x86)\MyPoints Point Finder\images\weather\png\13.png
    c:\program files (x86)\MyPoints Point Finder\images\weather\png\14.png
    c:\program files (x86)\MyPoints Point Finder\images\weather\png\15.png
    c:\program files (x86)\MyPoints Point Finder\images\weather\png\16.png
    c:\program files (x86)\MyPoints Point Finder\images\weather\png\17.png
    c:\program files (x86)\MyPoints Point Finder\images\weather\png\18.png
    c:\program files (x86)\MyPoints Point Finder\images\weather\png\19.png
    c:\program files (x86)\MyPoints Point Finder\images\weather\png\2.png
    c:\program files (x86)\MyPoints Point Finder\images\weather\png\20.png
    c:\program files (x86)\MyPoints Point Finder\images\weather\png\21.png
    c:\program files (x86)\MyPoints Point Finder\images\weather\png\22.png
    c:\program files (x86)\MyPoints Point Finder\images\weather\png\23.png
    c:\program files (x86)\MyPoints Point Finder\images\weather\png\24.png
    c:\program files (x86)\MyPoints Point Finder\images\weather\png\25.png
    c:\program files (x86)\MyPoints Point Finder\images\weather\png\26.png
    c:\program files (x86)\MyPoints Point Finder\images\weather\png\27.png
    c:\program files (x86)\MyPoints Point Finder\images\weather\png\28.png
    c:\program files (x86)\MyPoints Point Finder\images\weather\png\29.png
    c:\program files (x86)\MyPoints Point Finder\images\weather\png\3.png
    c:\program files (x86)\MyPoints Point Finder\images\weather\png\30.png
    c:\program files (x86)\MyPoints Point Finder\images\weather\png\31.png
    c:\program files (x86)\MyPoints Point Finder\images\weather\png\32.png
    c:\program files (x86)\MyPoints Point Finder\images\weather\png\33.png
    c:\program files (x86)\MyPoints Point Finder\images\weather\png\34.png
    c:\program files (x86)\MyPoints Point Finder\images\weather\png\35.png
    c:\program files (x86)\MyPoints Point Finder\images\weather\png\36.png
    c:\program files (x86)\MyPoints Point Finder\images\weather\png\37.png
    c:\program files (x86)\MyPoints Point Finder\images\weather\png\38.png
    c:\program files (x86)\MyPoints Point Finder\images\weather\png\39.png
    c:\program files (x86)\MyPoints Point Finder\images\weather\png\4.png
    c:\program files (x86)\MyPoints Point Finder\images\weather\png\40.png
    c:\program files (x86)\MyPoints Point Finder\images\weather\png\41.png
    c:\program files (x86)\MyPoints Point Finder\images\weather\png\42.png
    c:\program files (x86)\MyPoints Point Finder\images\weather\png\43.png
    c:\program files (x86)\MyPoints Point Finder\images\weather\png\44.png
    c:\program files (x86)\MyPoints Point Finder\images\weather\png\45.png
    c:\program files (x86)\MyPoints Point Finder\images\weather\png\46.png
    c:\program files (x86)\MyPoints Point Finder\images\weather\png\47.png
    c:\program files (x86)\MyPoints Point Finder\images\weather\png\5.png
    c:\program files (x86)\MyPoints Point Finder\images\weather\png\6.png
    c:\program files (x86)\MyPoints Point Finder\images\weather\png\7.png
    c:\program files (x86)\MyPoints Point Finder\images\weather\png\8.png
    c:\program files (x86)\MyPoints Point Finder\images\weather\png\9.png
    c:\program files (x86)\MyPoints Point Finder\images\weather\png\na.png
    c:\program files (x86)\MyPoints Point Finder\images\wikipedia.bmp
    c:\program files (x86)\MyPoints Point Finder\images\yahoo.bmp
    c:\program files (x86)\MyPoints Point Finder\localization.xml
    c:\program files (x86)\MyPoints Point Finder\location.xsl
    c:\program files (x86)\MyPoints Point Finder\magglass.ico
    c:\program files (x86)\MyPoints Point Finder\manage_bookmarks.html
    c:\program files (x86)\MyPoints Point Finder\marquee.html
    c:\program files (x86)\MyPoints Point Finder\marquee_permissions.html
    c:\program files (x86)\MyPoints Point Finder\messaging.bmp
    c:\program files (x86)\MyPoints Point Finder\minus.bmp
    c:\program files (x86)\MyPoints Point Finder\msgbox_bubble.tmpl
    c:\program files (x86)\MyPoints Point Finder\msgbox_openmsg.tmpl
    c:\program files (x86)\MyPoints Point Finder\msgboxplugin.dll
    c:\program files (x86)\MyPoints Point Finder\offline.html
    c:\program files (x86)\MyPoints Point Finder\patch.bat
    c:\program files (x86)\MyPoints Point Finder\plus.bmp
    c:\program files (x86)\MyPoints Point Finder\podcast.bmp
    c:\program files (x86)\MyPoints Point Finder\podcast.xsl
    c:\program files (x86)\MyPoints Point Finder\radio.bmp
    c:\program files (x86)\MyPoints Point Finder\RadioPlugin.dll
    c:\program files (x86)\MyPoints Point Finder\resize.bmp
    c:\program files (x86)\MyPoints Point Finder\rssfeed.bmp
    c:\program files (x86)\MyPoints Point Finder\RSSReader_plugin.dll
    c:\program files (x86)\MyPoints Point Finder\search.xsl
    c:\program files (x86)\MyPoints Point Finder\SearchComponent.dll
    c:\program files (x86)\MyPoints Point Finder\settings
    c:\program files (x86)\MyPoints Point Finder\skins\radio\gray03\btn_dropdwn_down.bmp
    c:\program files (x86)\MyPoints Point Finder\skins\radio\gray03\btn_dropdwn_over.bmp
    c:\program files (x86)\MyPoints Point Finder\skins\radio\gray03\btn_dropdwn_up.bmp
    c:\program files (x86)\MyPoints Point Finder\skins\radio\gray03\btn_max_down.bmp
    c:\program files (x86)\MyPoints Point Finder\skins\radio\gray03\btn_max_over.bmp
    c:\program files (x86)\MyPoints Point Finder\skins\radio\gray03\btn_max_up.bmp
    c:\program files (x86)\MyPoints Point Finder\skins\radio\gray03\btn_min_down.bmp
    c:\program files (x86)\MyPoints Point Finder\skins\radio\gray03\btn_min_over.bmp
    c:\program files (x86)\MyPoints Point Finder\skins\radio\gray03\btn_min_up.bmp
    c:\program files (x86)\MyPoints Point Finder\skins\radio\gray03\btn_pause_down.bmp
    c:\program files (x86)\MyPoints Point Finder\skins\radio\gray03\btn_pause_over.bmp
    c:\program files (x86)\MyPoints Point Finder\skins\radio\gray03\btn_pause_up.bmp
    c:\program files (x86)\MyPoints Point Finder\skins\radio\gray03\btn_play_down.bmp
    c:\program files (x86)\MyPoints Point Finder\skins\radio\gray03\btn_play_over.bmp
    c:\program files (x86)\MyPoints Point Finder\skins\radio\gray03\btn_play_up.bmp
    c:\program files (x86)\MyPoints Point Finder\skins\radio\gray03\btn_playcntrl_over.bmp
    c:\program files (x86)\MyPoints Point Finder\skins\radio\gray03\btn_playcntrl_up.bmp
    c:\program files (x86)\MyPoints Point Finder\skins\radio\gray03\btn_stop_down.bmp
    c:\program files (x86)\MyPoints Point Finder\skins\radio\gray03\btn_stop_over.bmp
    c:\program files (x86)\MyPoints Point Finder\skins\radio\gray03\btn_stop_up.bmp
    c:\program files (x86)\MyPoints Point Finder\skins\radio\gray03\btn_volcntrl_over.bmp
    c:\program files (x86)\MyPoints Point Finder\skins\radio\gray03\btn_volcntrl_up.bmp
    c:\program files (x86)\MyPoints Point Finder\skins\radio\gray03\Equalizer1.bmp
    c:\program files (x86)\MyPoints Point Finder\skins\radio\gray03\Equalizer2.bmp
    c:\program files (x86)\MyPoints Point Finder\skins\radio\gray03\Equalizer3.bmp
    c:\program files (x86)\MyPoints Point Finder\skins\radio\gray03\Equalizer4.bmp
    c:\program files (x86)\MyPoints Point Finder\skins\radio\gray03\Equalizer5.bmp
    c:\program files (x86)\MyPoints Point Finder\skins\radio\gray03\Equalizer6.bmp
    c:\program files (x86)\MyPoints Point Finder\skins\radio\gray03\playcntrl_bg.bmp
    c:\program files (x86)\MyPoints Point Finder\skins\radio\gray03\radio.bmp
    c:\program files (x86)\MyPoints Point Finder\skins\radio\gray03\radio_mask.bmp
    c:\program files (x86)\MyPoints Point Finder\skins\radio\gray03\radio_minimalized.bmp
    c:\program files (x86)\MyPoints Point Finder\skins\radio\gray03\radio_minimalized_mask.bmp
    c:\program files (x86)\MyPoints Point Finder\skins\radio\gray03\station.bmp
    c:\program files (x86)\MyPoints Point Finder\skins\radio\gray03\vol_01.bmp
    c:\program files (x86)\MyPoints Point Finder\skins\radio\gray03\vol_02.bmp
    c:\program files (x86)\MyPoints Point Finder\skins\radio\gray03\vol_03.bmp
    c:\program files (x86)\MyPoints Point Finder\skins\radio\gray03\volslide_bg.bmp
    c:\program files (x86)\MyPoints Point Finder\skins\radio\gray03\volslide_track.bmp
    c:\program files (x86)\MyPoints Point Finder\star_on.gif
    c:\program files (x86)\MyPoints Point Finder\ticker.html
    c:\program files (x86)\MyPoints Point Finder\Toolbar.dll
    c:\program files (x86)\MyPoints Point Finder\ToolbarUpdate.exe
    c:\program files (x86)\MyPoints Point Finder\TroubleShooter.exe
    c:\program files (x86)\MyPoints Point Finder\Uninst.exe
    c:\program files (x86)\MyPoints Point Finder\update_progress.html
    c:\program files (x86)\MyPoints Point Finder\version.txt
    c:\program files (x86)\MyPoints Point Finder\version.xsl
    c:\program files (x86)\MyPoints Point Finder\weather_bubble.tmpl
    c:\program files (x86)\MyPoints Point Finder\weatherplugin.dll
    c:\program files (x86)\Shop to Win 9
    c:\program files (x86)\Shop to Win 9\patch.bat
    c:\program files (x86)\Shop to Win 9\settings.xml
    c:\program files (x86)\Shop to Win 9\Shop to Win 9.dll
    c:\program files (x86)\Shop to Win 9\ShoppingBHO.dll
    c:\program files (x86)\Shop to Win 9\ShopToWin.ico
    c:\program files (x86)\Shop to Win 9\Uninst.exe
    c:\program files (x86)\Shop to Win 9\version.txt
    .
    Infected copy of c:\windows\SysWow64\userinit.exe was found and disinfected
    Restored copy from - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-11-25 to 2012-12-25 )))))))))))))))))))))))))))))))
    .
    .
    2012-12-24 23:59 . 2012-12-24 23:59 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ED085BAF-6BE1-4210-8677-D157A9495312}\offreg.dll
    2012-12-24 23:48 . 2012-12-24 23:48 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-12-24 23:34 . 2012-11-19 08:01 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ED085BAF-6BE1-4210-8677-D157A9495312}\mpengine.dll
    2012-12-24 18:14 . 2012-12-24 18:14 -------- d-----w- c:\windows\system32\SPReview
    2012-12-24 18:12 . 2012-12-24 18:12 -------- d-----w- c:\windows\system32\EventProviders
    2012-12-24 18:02 . 2012-12-24 18:02 -------- d-----w- c:\program files (x86)\McAfeeMOBK
    2012-12-24 18:02 . 2010-04-14 03:10 66040 ----a-w- c:\windows\system32\drivers\MOBK.sys
    2012-12-24 18:02 . 2012-12-24 18:02 -------- d-----w- c:\program files (x86)\McAfee Online Backup
    2012-12-24 18:02 . 2012-05-28 17:28 197264 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
    2012-12-24 17:48 . 2012-11-09 13:37 177680 ----a-w- c:\windows\system32\mfevtps.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-12-24 18:24 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
    2012-12-24 18:24 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
    2012-12-24 18:10 . 2012-06-29 20:24 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-12-24 18:10 . 2012-06-29 20:24 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-11-09 13:40 . 2012-11-09 13:40 69672 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2012-11-09 13:37 . 2012-11-09 13:37 339776 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
    2012-11-09 13:35 . 2012-11-09 13:35 771096 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2012-11-09 13:34 . 2012-11-09 13:34 515528 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2012-11-09 13:34 . 2012-11-09 13:34 309400 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2012-11-09 13:33 . 2012-11-09 13:33 178840 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2012-11-02 08:46 . 2012-11-02 08:46 97208 ----a-w- c:\windows\system32\drivers\mfencrk.sys
    2012-11-02 08:46 . 2012-11-02 08:46 328976 ----a-w- c:\windows\system32\drivers\mfencbdc.sys
    2012-11-02 08:46 . 2012-11-02 08:46 10544 ----a-w- c:\windows\system32\drivers\mfeclnrk.sys
    2012-10-10 17:37 . 2010-09-17 20:28 65309168 ----a-w- c:\windows\system32\MRT.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}]
    c:\program files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL [BU]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}]
    c:\program files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL [BU]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{3a421c8f-e238-4aeb-8874-b8b5f2cc4772}]
    c:\progra~2\COUPON~2\bar\1.bin\2pbar.dll [BU]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{60e91567-ef8a-4520-bce2-83aba5256799}]
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pSrcAs.dll [BU]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6E13D095-45C3-4271-9475-F3B48227DD9F}]
    c:\program files (x86)\StartNow Toolbar\Toolbar32.dll [BU]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{07B18EA9-A523-4961-B6BB-170DE4475CCA}"= "c:\program files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL" [BU]
    "{5911488E-9D1E-40ec-8CBB-06B231CC153F}"= "c:\program files (x86)\StartNow Toolbar\Toolbar32.dll" [BU]
    "{3462c343-be19-4143-af70-cefb56f46fc6}"= "c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll" [BU]
    .
    [HKEY_CLASSES_ROOT\clsid\{07b18ea9-a523-4961-b6bb-170de4475cca}]
    .
    [HKEY_CLASSES_ROOT\clsid\{5911488e-9d1e-40ec-8cbb-06b231cc153f}]
    .
    [HKEY_CLASSES_ROOT\clsid\{3462c343-be19-4143-af70-cefb56f46fc6}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Facebook Update"="c:\users\Zoey\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-22 98304]
    "PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
    "Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
    "Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
    "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
    "DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
    "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2010-10-03 560128]
    "Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2011-01-13 165184]
    .
    c:\users\Zoey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x]
    R2 McMPFSvc;McAfee Personal Firewall;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2012-10-07 220856]
    R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2012-10-07 220856]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-16 183560]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-11-09 69672]
    R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2010-07-01 51600]
    R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-05-28 197264]
    R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys [2012-11-02 97208]
    R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2010-07-21 45456]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-17 220672]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-03 51712]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-17 1255736]
    R4 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
    R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-01-22 202752]
    R4 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
    R4 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856]
    R4 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2320920]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
    S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-11-09 339776]
    S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys [2010-04-14 66040]
    S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2012-10-07 220856]
    S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2012-10-07 220856]
    S2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [2012-10-06 1007288]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-11-09 218320]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-11-09 177680]
    S2 MOBKbackup;McAfee Online Backup;c:\program files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-04-14 231224]
    S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-11-09 515528]
    S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys [2012-11-02 328976]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-20 239616]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - mfeavfk01
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-12-24 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-29 18:10]
    .
    2012-12-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-412875962-3660707953-878319841-1000Core.job
    - c:\users\Zoey\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-08 21:45]
    .
    2012-12-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-412875962-3660707953-878319841-1000UA.job
    - c:\users\Zoey\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-08 21:45]
    .
    2012-12-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-10 07:09]
    .
    2012-12-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-10 07:09]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
    @="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
    [HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
    2010-04-14 03:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
    @="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
    [HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
    2010-04-14 03:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
    @="{b4caf489-1eec-c617-49ad-8d7088598c06}"
    [HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
    2010-04-14 03:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-06-04 392048]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-03 10038304]
    "Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mDefault_Page_URL = hxxp://www.yahoo.com
    mStart Page = hxxp://www.yahoo.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 8.8.8.8 8.8.4.4 209.55.27.13
    DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.9.1.0/GarminAxControl.CAB
    DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/WebfettiInitialSetup1.0.1.1.cab
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{0095C290-A428-4BDD-B98C-E0A116F1C702} - c:\program files (x86)\Shop to Win 9\Shop to Win 9.dll
    BHO-{614BDA1F-9BEF-4CD1-BDE4-FA4804929B4A} - c:\program files (x86)\MyPoints Point Finder\Toolbar.dll
    Toolbar-Locked - (no file)
    Toolbar-{89A2510A-B4B6-4683-BEC9-1B96700BC7F1} - c:\program files (x86)\MyPoints Point Finder\Toolbar.dll
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    Wow6432Node-HKLM-Run-mcpltui_exe - c:\program files\McAfee.com\Agent\mcagent.exe
    WebBrowser-{89A2510A-B4B6-4683-BEC9-1B96700BC7F1} - (no file)
    AddRemove-82A44D22-9452-49FB-00FB-CEC7DCAF7E23 - c:\program files (x86)\EA SPORTS\EA SPORTS online\EASOUNInstaller.exe
    AddRemove-Adobe Shockwave Player - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE
    AddRemove-EpicPlay - c:\program files (x86)\EpicPlay\epicRemoval.exe
    AddRemove-HBLiteSA - c:\program files (x86)\HBLite\bin\11.0.264.0\HBLiteUninstaller.exe
    AddRemove-MyPoints Point Finder - c:\program files (x86)\MyPoints Point Finder\Uninst.exe
    AddRemove-StartNow Toolbar - c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
    AddRemove-{F5FB599D-2C5C-4A5F-B8CD-9B7AAD13F80A}_is1 - c:\program files (x86)\Shop To Win\unins000.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-412875962-3660707953-878319841-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-412875962-3660707953-878319841-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
    c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
    .
    **************************************************************************
    .
    Completion time: 2012-12-24 17:04:17 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-12-25 00:04
    ComboFix2.txt 2012-12-24 17:10
    .
    Pre-Run: 427,602,427,904 bytes free
    Post-Run: 427,773,886,464 bytes free
    .
    - - End Of File - - 4352AE3FAC94AB110368CDCBEE97A577



    C:\Qoobox\Quarantine\C\Users\Zoey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk.vir Win32/Reveton.J trojan
    C:\Users\Zoey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DUI268FM\7516fd43adaa5e0b8a65a672c39845d2[1].htm HTML/Iframe.B.Gen virus
    C:\Users\Zoey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q0XNCIJ3\7516fd43adaa5e0b8a65a672c39845d2[1].htm HTML/Iframe.B.Gen virus
    C:\Users\Zoey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Zoey\Desktop\test.exe a variant of Win32/Kryptik.NLQ trojan


    I unistalled the application. I think everything is looking better on the computer. I am at least able to keep on internet without that popping back up. This is my daughters laptop for college so I hope next time she is more careful with what she is doing and doesn't allow her boyfriend on it.

    Merry X-Mas and thank you again for this help.
     
  6. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Thankss for the update, continue as follows:

    download OTM from either of the following links and save to your Desktop:

    http://oldtimer.geekstogo.com/OTM.exe.
    http://www.itxassociates.com/OT-Tools/OTM.com
    http://www.itxassociates.com/OT-Tools/OTM.exe

    Double click OTM.exe to start the tool. Vista or Windows 7 users accepy UAC alert. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion....
    • Copy the text from the code box belowbelow to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      Code:
      :Files
      ipconfig /flushdns /c
      C:\Users\Zoey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DUI268FM\7516fd43adaa5e0b8a65a672c39845d2[1].htm
      C:\Users\Zoey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q0XNCIJ3\7516fd43adaa5e0b8a65a672c39845d2[1].htm
      C:\Users\Zoey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Zoey\Desktop\test.exe
      :Commands
      [EmptyTemp]
      
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
    • Click the red [​IMG] button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTM
    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

    If the machine reboots, the Results log can be found here:

    c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

    Where mmddyyyy_hhmmss is the date of the tool run.

    Next,

    download http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner by Xplode onto your Desktop.

    • Please close all open programs and internet browsers.
    • Double click on Adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with OK.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

    Next,

    Download Security Check by screen317 from either of the following:
    http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe
    Save it to your Desktop.
    Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
    A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    Post those 3 logs in next reply, let me know if any remaining issues or concerns..

    Merry Christmas,

    Kevin
     
  7. swonkie

    swonkie Thread Starter

    Joined:
    Dec 23, 2012
    Messages:
    8
    Here are the next three logs requested. Hopefully it looks good.



    All processes killed
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Zoey\Downloads\cmd.bat deleted successfully.
    C:\Users\Zoey\Downloads\cmd.txt deleted successfully.
    C:\Users\Zoey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DUI268FM\7516fd43adaa5e0b8a65a672c39845d2[1].htm moved successfully.
    C:\Users\Zoey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q0XNCIJ3\7516fd43adaa5e0b8a65a672c39845d2[1].htm moved successfully.
    C:\Users\Zoey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Zoey\Desktop\test.exe moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Zoey
    ->Temp folder emptied: 152843 bytes
    ->Temporary Internet Files folder emptied: 665547063 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 17427246 bytes
    ->Google Chrome cache emptied: 55217530 bytes
    ->Apple Safari cache emptied: 32768 bytes
    ->Flash cache emptied: 40190 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 61148872 bytes
    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 38510894 bytes
    %systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 753 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 1883360 bytes
    RecycleBin emptied: 522240 bytes

    Total Files Cleaned = 802.00 mb


    OTM by OldTimer - Version 3.1.21.0 log created on 12252012_153115
    Files moved on Reboot...
    C:\Users\Zoey\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    Registry entries deleted on Reboot...



    # AdwCleaner v2.103 - Logfile created 12/25/2012 at 15:41:15
    # Updated 25/12/2012 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Zoey - ZOEY-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Zoey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BR7YXPYE\adwcleaner.exe
    # Option [Delete]

    ***** [Services] *****

    ***** [Files / Folders] *****
    Folder Deleted : C:\Users\Zoey\AppData\LocalLow\CouponAlert_2p
    Folder Deleted : C:\Users\Zoey\AppData\LocalLow\FunWebProducts
    Folder Deleted : C:\Users\Zoey\AppData\LocalLow\MyWebSearch
    Folder Deleted : C:\Users\Zoey\Documents\DealRunner
    ***** [Registry] *****
    Key Deleted : HKCU\Software\AppDataLow\Software\CouponAlert_2p
    Key Deleted : HKCU\Software\AppDataLow\Software\Fun Web Products
    Key Deleted : HKCU\Software\AppDataLow\Software\FunWebProducts
    Key Deleted : HKCU\Software\AppDataLow\Software\iWon
    Key Deleted : HKCU\Software\AppDataLow\Software\MyWebSearch
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1E0DE227-5CE4-4EA3-AB0C-8B03E1AA76BC}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3462C343-BE19-4143-AF70-CEFB56F46FC6}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3A421C8F-E238-4AEB-8874-B8B5F2CC4772}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{60E91567-EF8A-4520-BCE2-83ABA5256799}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13D095-45C3-4271-9475-F3B48227DD9F}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3462C343-BE19-4143-AF70-CEFB56F46FC6}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3A421C8F-E238-4AEB-8874-B8B5F2CC4772}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{60E91567-EF8A-4520-BCE2-83ABA5256799}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-F3B48227DD9F}
    Key Deleted : HKCU\Software\ShopToWin
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EB583FE1-9458-4EDA-AC68-24D24F17C70F}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{FAA8C612-F1B6-461B-8B60-B54D74D9642E}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ShoppingBHO.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\Toolbar.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ToolbarBroker.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\FCSB000063123.JSOptionsImpl
    Key Deleted : HKLM\SOFTWARE\Classes\FCSB000063123.JSOptionsImpl.1
    Key Deleted : HKLM\SOFTWARE\Classes\FCTB000060497.IEToolbar.1
    Key Deleted : HKLM\SOFTWARE\Classes\FCTB000060497.JSOptionsImpl
    Key Deleted : HKLM\SOFTWARE\Classes\FCTB000060497.JSOptionsImpl.1
    Key Deleted : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook
    Key Deleted : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject.1
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject.1
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{38BF9661-BDA0-4A74-BB3B-576EC7AE16DC}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6857AC4A-95B4-4E2C-B2D2-8A235FCCEF4A}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{819FFE20-35C7-4925-8CDA-4E0E2DB94302}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C7E7FB02-C4FD-446E-8F5B-463A049935BF}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}
    Key Deleted : HKLM\SOFTWARE\Classes\ZGClnt.Mngr
    Key Deleted : HKLM\SOFTWARE\Classes\ZGClnt.Mngr.1
    Key Deleted : HKLM\Software\CouponAlert_2p
    Key Deleted : HKLM\Software\FocusInteractive
    Key Deleted : HKLM\Software\Fun Web Products
    Key Deleted : HKLM\Software\FunWebProducts
    Key Deleted : HKLM\Software\HBLite
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll
    Key Deleted : HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss
    Key Deleted : HKLM\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin
    Key Deleted : HKLM\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0BDF6C42-132C-45F5-92DE-DC13F40C6DAB}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{23B38049-323F-443D-9732-F454E5B15B72}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4D1EC4CA-4B92-4324-B8F8-C9A6ED06A8AE}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4E674574-3F0B-491D-8AE3-F90B43A34FD6}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8867AC9B-4426-44A2-A693-C95850D3405C}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{95B3F577-D54A-4831-B2B4-8AACEEDA85CF}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C2DF3856-676C-41DC-A73B-FACBDF8E81E9}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CF9D6D4E-5496-438E-BA24-5A580A59F5A3}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612}
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@CouponAlert_2p.com/Plugin
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@mywebsearch.com/Plugin
    Key Deleted : HKLM\Software\MyWebSearch
    Key Deleted : HKLM\Software\StartNow Toolbar
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0BDF6C42-132C-45F5-92DE-DC13F40C6DAB}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{13119113-0854-469D-807A-171568457991}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{16FE2505-F2A0-4782-B035-AF0E5188C02C}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1E0DE227-5CE4-4EA3-AB0C-8B03E1AA76BC}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1F0A2185-DA7E-4614-91C0-DD5F4A76CB1B}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{23B0AE65-17D2-4491-98E5-B1AA6228DDA2}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{23B38049-323F-443D-9732-F454E5B15B72}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{25560540-9571-4D7B-9389-0F166788785A}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2CBD2A57-2FD5-4F1A-9FC8-90ED48FA4187}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2D205ADF-C992-4EDA-99C3-096E13F38AB4}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{33119133-0854-469D-807A-171568457991}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3462C343-BE19-4143-AF70-CEFB56F46FC6}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3A421C8F-E238-4AEB-8874-B8B5F2CC4772}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{411B1946-3277-4A7F-9F60-745266360613}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{457A4CB8-0391-409D-98B4-C4CCB2849670}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4D8EACBC-E293-4462-B91E-42EA5B54B743}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{60E91567-EF8A-4520-BCE2-83ABA5256799}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7473D292-B7BB-4F24-AE82-7E2CE94BB6A9}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7473D296-B7BB-4F24-AE82-7E2CE94BB6A9}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7717F4B3-397F-4CE5-9192-6EFFDE3AC999}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{799391D3-EB86-4BAC-9BD3-CBFEA58A0E15}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{819FFE22-35C7-4925-8CDA-4E0E2DB94302}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{84576F6E-0660-4B4F-8918-BC6C975044D4}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{86D02BCF-0E0E-444F-8A8D-2D5C4A9E6578}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8867AC9B-4426-44A2-A693-C95850D3405C}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B3F577-D54A-4831-B2B4-8AACEEDA85CF}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A4730EBE-43A6-443E-9776-36915D323AD3}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A9571378-68A1-443D-B082-284F960C6D17}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C2DF3856-676C-41DC-A73B-FACBDF8E81E9}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CF9D6D4E-5496-438E-BA24-5A580A59F5A3}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D858DAFC-9573-4811-B323-7011A3AA7E61}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DEF07ACD-BCEA-4269-933A-4087D20842BB}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EBBC4E43-292A-40DF-88E3-3262B7521460}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{004EB151-885B-4A9E-A22D-CA98DD998D75}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{041278C7-DF92-486D-AE85-921BDFC75A43}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0F1794F2-900B-4C81-8146-9234E5CC5BE2}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1116A14B-F6A3-4FD9-A00E-FF8CF270EE48}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{120927BF-1700-43BC-810F-FAB92549B390}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1F52A5FA-A705-4415-B975-88503B291728}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{21D9997E-5D2A-4737-BCBA-C958C0590295}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23119123-0854-469D-807A-171568457991}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{30B15818-E110-4527-9C05-46ACE5A3460D}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{36A7148B-639E-423C-90BB-30B6E1A40BD7}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3E720451-B472-4954-B7AA-33069EB53906}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{56965DCF-718F-4148-BECF-5A2B466F4556}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{58E64AEE-516A-4DFC-AC38-31C50E8AF0F1}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5F701D7D-C869-41F0-B0E2-8136F02B539C}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{618AAD04-921F-44C2-BE38-C0818AF69861}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{61DAB0AD-AD23-4E40-84AC-7C6CE64D4EB3}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{65D8E17B-312E-4E12-913B-A841A8631143}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6BDA50D2-5597-4C68-A842-9B857FCCDA49}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6CA3D0AB-F807-462C-BA7F-E27F07F91E32}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6F99D2AE-5C90-43C2-A2FE-81DBE512E2FC}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{860AF5D1-0735-409D-8E5F-E3E99356D7E9}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8997561D-CF0B-42C7-AAE6-78801B3ADC7F}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{92580E8C-88F5-4551-9D9E-8147E7EE2C32}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{991AAC62-B100-47CE-8B75-253965244F69}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A0636D37-97D0-4DC4-95A6-93AABA07437F}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A786F51D-B3C7-4F52-91EF-E1A892C2A2AE}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B5D2ED96-62F9-4C2C-956D-E425B1F67337}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D244EAC5-A0F5-4859-A1F8-18ABC0AC3A00}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D3A412E8-1E4B-47D2-9B12-F88291F5AFBB}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8AF87C1-0B1E-494B-AAF0-CECC3FFEDF99}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DAFC4DAE-7794-4E16-9A98-F6001303DCD0}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E65F40C8-3CEB-47C2-9E01-BF73323DF4E7}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EAB77009-B974-48DF-8229-E70CFAA11C69}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EBAA6283-B61F-4DDD-9659-56635433A307}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFB0C189-5077-4340-9838-AF7B8E792A54}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFB4F034-3EB5-48D5-84DD-89BBCF9A182F}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F9D45087-1CF1-452E-9649-FDFDAC578E03}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FF2EBC1C-6579-41DB-91DD-945A1C8DB2D2}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\FCTB000060497
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{16FE2505-F2A0-4782-B035-AF0E5188C02C}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2AF08E71-3657-462F-898C-F7E791948F94}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2CBD2A57-2FD5-4F1A-9FC8-90ED48FA4187}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{56965DCF-718F-4148-BECF-5A2B466F4556}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45DD-9B68-D6A12C30E5D7}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6F99D2AE-5C90-43C2-A2FE-81DBE512E2FC}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7225F6C9-CF64-4D6D-AE8A-169779FD7B4D}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48DD-9B6D-7A13A3E42127}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40FD-8DAE-FF14757F60C7}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467E-B8D4-7786EDA79AE0}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44CF-8957-5838F569A31D}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3A421C8F-E238-4AEB-8874-B8B5F2CC4772}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{60E91567-EF8A-4520-BCE2-83ABA5256799}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13D095-45C3-4271-9475-F3B48227DD9F}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\CouponAlert_2pbar Uninstall
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\hblitesa
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\mywebsearch bar uninstall
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\StartNow Toolbar
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{004EB151-885B-4A9E-A22D-CA98DD998D75}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{041278C7-DF92-486D-AE85-921BDFC75A43}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0F1794F2-900B-4C81-8146-9234E5CC5BE2}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1116A14B-F6A3-4FD9-A00E-FF8CF270EE48}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{120927BF-1700-43BC-810F-FAB92549B390}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1F52A5FA-A705-4415-B975-88503B291728}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{21D9997E-5D2A-4737-BCBA-C958C0590295}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{30B15818-E110-4527-9C05-46ACE5A3460D}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{36A7148B-639E-423C-90BB-30B6E1A40BD7}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E720451-B472-4954-B7AA-33069EB53906}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{56965DCF-718F-4148-BECF-5A2B466F4556}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{58E64AEE-516A-4DFC-AC38-31C50E8AF0F1}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5F701D7D-C869-41F0-B0E2-8136F02B539C}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{618AAD04-921F-44C2-BE38-C0818AF69861}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{61DAB0AD-AD23-4E40-84AC-7C6CE64D4EB3}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{65D8E17B-312E-4E12-913B-A841A8631143}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6BDA50D2-5597-4C68-A842-9B857FCCDA49}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6CA3D0AB-F807-462C-BA7F-E27F07F91E32}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6F99D2AE-5C90-43C2-A2FE-81DBE512E2FC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{860AF5D1-0735-409D-8E5F-E3E99356D7E9}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8997561D-CF0B-42C7-AAE6-78801B3ADC7F}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{92580E8C-88F5-4551-9D9E-8147E7EE2C32}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{991AAC62-B100-47CE-8B75-253965244F69}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A0636D37-97D0-4DC4-95A6-93AABA07437F}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A786F51D-B3C7-4F52-91EF-E1A892C2A2AE}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B5D2ED96-62F9-4C2C-956D-E425B1F67337}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D244EAC5-A0F5-4859-A1F8-18ABC0AC3A00}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D3A412E8-1E4B-47D2-9B12-F88291F5AFBB}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8AF87C1-0B1E-494B-AAF0-CECC3FFEDF99}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC4DAE-7794-4E16-9A98-F6001303DCD0}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E65F40C8-3CEB-47C2-9E01-BF73323DF4E7}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAB77009-B974-48DF-8229-E70CFAA11C69}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EBAA6283-B61F-4DDD-9659-56635433A307}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFB0C189-5077-4340-9838-AF7B8E792A54}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFB4F034-3EB5-48D5-84DD-89BBCF9A182F}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F9D45087-1CF1-452E-9649-FDFDAC578E03}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FF2EBC1C-6579-41DB-91DD-945A1C8DB2D2}
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows Media\Wmsdk\Sources [F3PopularScreenSavers]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\post platform [FunWebProducts]
    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]_2p.com]
    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{07B18EA9-A523-4961-B6BB-170DE4475CCA}]
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{3462C343-BE19-4143-AF70-CEFB56F46FC6}]
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{5911488E-9D1E-40EC-8CBB-06B231CC153F}]
    ***** [Internet Browsers] *****
    -\\ Internet Explorer v9.0.8112.16450
    [OK] Registry is clean.
    -\\ Mozilla Firefox v [Unable to get version]
    File : C:\Users\Zoey\AppData\Roaming\Mozilla\Firefox\Profiles\7xu7oblc.default\prefs.js
    C:\Users\Zoey\AppData\Roaming\Mozilla\Firefox\Profiles\7xu7oblc.default\user.js ... Deleted !
    [OK] File is clean.
    -\\ Google Chrome v23.0.1271.97
    File : C:\Users\Zoey\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Deleted [l.11] : homepage = "hxxp://search.startnow.com/s/?src=startpage&provider=&provider_name=startnow&prov[...]
    Deleted [l.15] : urls_to_restore_on_startup = [ "hxxp://search.startnow.com/s/?src=startpage&provider=&prov[...]
    Deleted [l.39] : icon_url = "hxxp://www.startnow.com/startnow/images/sn_favicon.ico",
    Deleted [l.44] : search_url = "hxxp://search.startnow.com/s/?q={searchTerms}&src=defsearch&provider=&provider_[...]
    Deleted [l.201] : homepage = "hxxp://search.startnow.com/s/?src=startpage&provider=&provider_name=startnow&provide[...]
    Deleted [l.261] : urls_to_restore_on_startup = [ "hxxp://search.startnow.com/s/?src=startpage&provider=&provide[...]
    *************************
    AdwCleaner[S1].txt - [31680 octets] - [25/12/2012 15:41:15]
    ########## EOF - C:\AdwCleaner[S1].txt - [31741 octets] ##########



    Results of screen317's Security Check version 0.99.56
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Java(TM) 6 Update 21
    Java version out of Date!
    Adobe Reader 9 Adobe Reader out of Date!
    Google Chrome 21.0.1180.83
    Google Chrome 21.0.1180.89
    Google Chrome 22.0.1229.79
    Google Chrome 22.0.1229.92
    Google Chrome 22.0.1229.94
    Google Chrome 23.0.1271.97
    Google Chrome plugins...
    ````````Process Check: objlist.exe by Laurent````````
    McAfee Online Backup MOBKbackup.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 3%
    ````````````````````End of Log``````````````````````



    Thanks for all your fast responses. And let me know if there is anything else. Thanks again
     
  8. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Ok, continue as follows....

    Remove Combofix now that we're done with it
    • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
    • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
      [​IMG]
    • Please follow the prompts to uninstall Combofix.
    • You will then recieve a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
    The above procedure will delete the following:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:_OtMoveIt folder, if present
    • Reset the clock settings.
    • Hide file extensions, if required.
    • Hide System/Hidden files, if required.
    • Reset System Restore.

    It is very important that you get a successful uninstall because of the extra functions done at the same time, let me know if this does not happen.

    Next,

    Uninstall adwcleaner.exe
    • Please close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall
    • Click Yes at Would you like to Uninstall Adwcleaner

    Next,

    • Download OTC by OldTimer from here http://oldtimer.geekstogo.com/OTC.exe or here http://www.itxassociates.com/OT-Tools/OTC.exe and save to your Desktop.
    • Double click [​IMG] icon to start the program.
      If you are using Vista or Windows 7 accept UAC
    • Then Click the big [​IMG] button.
    • You will get a prompt saying "Begining Cleanup Process". Please select Yes.
    • Restart your computer when prompted.
    • This will remove tools we have used and itself.

    Any tools/logs remaining on the Desktop can be deleted. Such as Security Checks

    Next,
    Adobe Reader is outdated...
    Visit http://get.adobe.com/uk/reader/otherversions/ and download the latest version of Acrobat Reader

    Step 1 - Select your Operating System.
    Step 2 - Select your Langauge.
    Step 3 - Select latest version.

    Untick the option for McAfee security scanner if offered.

    Download and install.

    Having the latest updates ensures there are no security vulnerabilities in your system.

    Next,

    Your Java [​IMG] maybe out of date. Older versions have vulnerabilities that malware can use to infect your system.
    Please follow these steps to remove older version of Java components and upgrade the application.

    Upgrading Java:

    Go to http://java.com/en/ and click on "Do I have Java"
    It will check your current version and then offer to update to the latest version
    Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it.

    ***Note: Check in Programs and Features (or Add/Remove Programs if you are an XP user) to make certain there are no old versions of Java still installed, if so - remove them.

    Next,

    Download [​IMG] TFC to your desktop, from either of the following links
    http://oldtimer.geekstogo.com/TFC.exe
    http://itxassociates.com/OT-Tools/TFC.exe
    • Save any open work. TFC will close all open application windows.
    • Double-click TFC.exe to run the program. Vista or Windows 7 users accept the UAC alert.
    • If prompted, click "Yes" to reboot.
    TFC will automatically close any open programs, including your Desktop. Let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. TFC may re-boot your system, if not Re-boot it yourself to complete cleaning process <---- Very Important

    Keep TFC it is an excellent, run weekly utility to keep your system optimized, it empties all user temp folders, Java cache etc etc. Always remember to re-boot after a run, even if not prompted

    If your security reacts against TFC either allow it or turn the security OFF whilst TFC runs....

    Also make sure to get your security back up and running.

    Let me know if those steps complete OK, also if any remaining isues or concerns...

    Kevin....:)
     
  9. swonkie

    swonkie Thread Starter

    Joined:
    Dec 23, 2012
    Messages:
    8
    I completed all and it seems perfect now. Thanks so much. I can't believe how easy you made this.
    I was only wondering which Antivirus you recommed. I had McAfee on it, but alot of people say Windows Defender is better. Before I add one to her computer please let me know which you prefer. I truly appreciate all your help with this. Now she can get back to her school. Thanks again
     
  10. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    On my own system I use Windows own Firewall, Microsoft Security Essentials and Malwarebytes Pro. The FW and MSE are free, Malwarebytes Pro is about £20 for a lifetime licence, auto updates and realtime protection, those all work well together.
    If you Install MSE it will ask to turn on the Windows Firewall if McAfee is not currently in use.

    If you have UNinstalled McAfee it is still worthwhile running a McAfee removal tool to ensure all remnants are gone..

    Go Here and download the McAfee removal tool, save it to your Desktop. Double click the tool to run it, Vista or Windows 7 users right click and select "Run as Administrator" re-boot when requested to complete the task.

    This my intro for MSE:

    To keep safe when online you need a good Antivirus/Antspyware/Antimalware/Anti-Rootkit combination application. Microsoft Security Essentials covers all of those bases, but better still it is free. Go here http://www.microsoft.com/security_essentials/ select your Operating System, download, install and follow the prompts. Once installed it will want to update and carry out a quick scan, allow that to happen. Let me know if tit finds anything from the scan...

    For Malwarebytes Pro go here http://www.malwarebytes.org/ that link will also give information...

    I use and prefer FireFox as my browser, I use AdBlock Plus and Web of Trust (WOT) addons....

    Let me know if you have any remaining issues or concerns, if not hit the "Mark Solved" tab at the top of the thread...

    Kevin
     
  11. swonkie

    swonkie Thread Starter

    Joined:
    Dec 23, 2012
    Messages:
    8
    Thank you for all the information. I will look into what you have now. If anything comes up I will let you know. Thanks again.
     
  12. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Thanks for the update, Here are some tips to reduce the potential for malware infection in the future:

    Make proper use of your antivirus and firewall

    Antivirus and Firewall programs are integral to your computer security. However, just having them installed isn't enough. The definitions of these programs are frequently updated to detect the latest malware, if you don't keep up with these updates then you'll be vulnerable to infection. Many antivirus and firewall programs have automatic update features, make use of those if you can. If your program doesn't, then get in the habit of routinely performing manual updates, because it's important.

    You should keep your antivirus and firewall guard enabled at all times, NEVER turn them off unless there's a specific reason to do so. Also, regularly performing a full system scan with your antivirus program is a good idea to make sure you're system remains clean. Once a week should be adequate. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

    Install and use WinPatrol from here http://www.winpatrol.com/download.html This will inform you of any attempted unauthorized changes to your system.

    WinPatrol features explained here http://www.winpatrol.com/features.html

    Go here http://www.filehippo.com/updatechecker/ run the FileHippo Update Checker, update all applications as suggested by the Update Checker. Ignore any Beta updates. (Use stand alone version, not a full install)
    If Java or Adobe are updated please check under Start > Control Panel > Add/Remove Programs, ensure any old versions are removed. <--- Very important

    Use a safer web browser

    Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a few good free alternatives:

    FireFox http://www.mozilla.com/en-US/,

    Opera http://www.opera.com/, and

    Chrome http://www.google.com/chrome.

    All of these are excellent faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial here http://www.bleepingcomputer.com/tutorials/tutorial102.html which will help you to make IE MUCH safer.

    These browser add-ons will help to make your browser safer:

    Web of Trust warns you about risky websites that try to scam visitors, deliver malware or send spam. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous ones:

    Available for Firefox and Internet Explorer.

    Green to go,
    Yellow for caution, and
    Red to stop.


    Available for Firefox only. NoScript helps to block malicious scripts and in general gives you much better control over what types of things webpages can do to your computer while you're browsing.

    These are just a couple of the most popular add-ons, if you're interested in more, take a look at this article:
    http://browsers.about.com/od/addonsplugi2/tp/browser_security_privacy.htm

    Here a couple of links by two security experts that will give some excellent tips and advice.

    So how did I get infected in the first place by Tony Klein

    How to prevent Malware by Miekiemoes

    Finally this link http://www.geekstogo.com/forum/topic/38-free-antivirus-and-antispyware-software will give a comprehensive upto date list of free Security programs. To include - Antivirus, Antispyware, Firewall, Antimalware, Online scanners and rescue CD`s.

    Don`t forget, the best form of defense is common sense. If you don`t recognize it, don`t open it. If something looks to good to be true, then it aint.

    It was a pleasure to work with you, take care,

    Kevin
     
  13. swonkie

    swonkie Thread Starter

    Joined:
    Dec 23, 2012
    Messages:
    8
    Kevin,
    I have finally been able to put the Maleware and Microsoft Essentials on the computer. I was playing with her Itunes and was trying to update it before I send her computer back. The Icon has a run as administartor icon on the side of it. I click it and it asks if I want to allow changes. I click yes and it opens but I am having trouble with it to allow me to download cds for her onto her account.
    If I close Itunes and restart the whole thing with every new cd I put in it works. How come just putting in the cd like I did before doesnt let it auto play.
     
  14. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. That information was included in the Combofix instructions. If you go to the following link (which was also available within the Combofix instructions) a full explanation is given.

    http://thespykiller.co.uk/index.php?page=20

    If you go to this link http://support.microsoft.com/kb/967715 Scroll down to the two "Fixits" one is to disable Autorun and the other enable Autorun.....

    I`d still recommend that Autorun is left disabled for protection...

    Kevin...(y)
     
  15. swonkie

    swonkie Thread Starter

    Joined:
    Dec 23, 2012
    Messages:
    8
    Thanks
    I will let her know so she can decide. Hopefully she takes your recommendation since you are the one how got her computer to work again. lol..
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1082160

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice